diff options
Diffstat (limited to 'kubernetes/aai')
79 files changed, 935 insertions, 1207 deletions
diff --git a/kubernetes/aai/Chart.yaml b/kubernetes/aai/Chart.yaml index b06609a0c4..77078332c9 100644 --- a/kubernetes/aai/Chart.yaml +++ b/kubernetes/aai/Chart.yaml @@ -18,7 +18,7 @@ apiVersion: v2 description: ONAP Active and Available Inventory name: aai -version: 14.0.3 +version: 15.0.1 dependencies: - name: common @@ -34,32 +34,35 @@ dependencies: - name: repositoryGenerator version: ~13.x-0 repository: '@local' + - name: readinessCheck + version: ~13.x-0 + repository: '@local' - name: aai-babel - version: ~14.x-0 + version: ~15.x-0 repository: 'file://components/aai-babel' condition: aai-babel.enabled - name: aai-graphadmin - version: ~14.x-1 + version: ~15.x-0 repository: 'file://components/aai-graphadmin' condition: aai-graphadmin.enabled - name: aai-modelloader - version: ~14.x-0 + version: ~15.x-0 repository: 'file://components/aai-modelloader' condition: aai-modelloader.enabled - name: aai-resources - version: ~14.x-1 + version: ~15.x-0 repository: 'file://components/aai-resources' condition: aai-resources.enabled - name: aai-schema-service - version: ~14.x-0 + version: ~15.x-0 repository: 'file://components/aai-schema-service' condition: aai-schema-service.enabled - name: aai-sparky-be - version: ~14.x-0 + version: ~15.x-0 repository: 'file://components/aai-sparky-be' condition: aai-sparky-be.enabled - name: aai-traversal - version: ~14.x-1 + version: ~15.x-0 repository: 'file://components/aai-traversal' condition: aai-traversal.enabled - name: serviceAccount diff --git a/kubernetes/aai/components/aai-babel/Chart.yaml b/kubernetes/aai/components/aai-babel/Chart.yaml index 50a7c24ee0..2d0a78bde4 100644 --- a/kubernetes/aai/components/aai-babel/Chart.yaml +++ b/kubernetes/aai/components/aai-babel/Chart.yaml @@ -18,7 +18,7 @@ apiVersion: v2 description: Babel microservice name: aai-babel -version: 14.0.2 +version: 15.0.1 dependencies: - name: common diff --git a/kubernetes/aai/components/aai-babel/resources/config/application.properties b/kubernetes/aai/components/aai-babel/resources/config/application.properties index 56560d5cb2..b28a4e7c6c 100644 --- a/kubernetes/aai/components/aai-babel/resources/config/application.properties +++ b/kubernetes/aai/components/aai-babel/resources/config/application.properties @@ -24,4 +24,13 @@ server.servlet.context-path=/services/babel-service logging.config=${CONFIG_HOME}/logback.xml tosca.mappings.config=${CONFIG_HOME}/tosca-mappings.json +spring.application.name=aai-babel +spring.sleuth.enabled=true +spring.zipkin.baseUrl={{ .Values.tracing.collector.baseUrl }} +spring.sleuth.messaging.jms.enabled = false +spring.sleuth.trace-id128=true +spring.sleuth.sampler.probability={{ .Values.tracing.sampling.probability }} +spring.sleuth.propagation.type=w3c, b3 +spring.sleuth.supports-join=false + management.endpoints.web.exposure.include=* diff --git a/kubernetes/aai/components/aai-babel/templates/configmap.yaml b/kubernetes/aai/components/aai-babel/templates/configmap.yaml index baee38c0e2..39d494acc2 100644 --- a/kubernetes/aai/components/aai-babel/templates/configmap.yaml +++ b/kubernetes/aai/components/aai-babel/templates/configmap.yaml @@ -21,10 +21,6 @@ kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-configmap namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} + labels: {{- include "common.labels" . | nindent 4 }} data: {{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} diff --git a/kubernetes/aai/components/aai-babel/templates/deployment.yaml b/kubernetes/aai/components/aai-babel/templates/deployment.yaml index f3fc04c00c..782ed1226c 100644 --- a/kubernetes/aai/components/aai-babel/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-babel/templates/deployment.yaml @@ -38,10 +38,12 @@ spec: template: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: + {{ include "common.podSecurityContext" . | indent 6 | trim }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{ include "common.containerSecurityContext" . | indent 10 | trim }} ports: {{- if .Values.debug.enabled }} - containerPort: {{ .Values.debug.port }} @@ -99,6 +101,10 @@ spec: - mountPath: /opt/app/babel/config/logback.xml name: config subPath: logback.xml + - mountPath: /opt/app/babel/logs + name: babel-logs + - mountPath: /tmp + name: tmp resources: {{ include "common.resources" . | nindent 12 }} {{- if .Values.nodeSelector }} nodeSelector: @@ -120,7 +126,14 @@ spec: secret: secretName: {{ include "common.fullname" . }}-babel-secrets - name: logs - emptyDir: {} + emptyDir: + sizeLimit: {{ .Values.volumes.artifactDataSizeLimit }} + - name: tmp + emptyDir: + sizeLimit: {{ .Values.volumes.tmpSizeLimit }} + - name: babel-logs + emptyDir: + sizeLimit: {{ .Values.volumes.babelLogsSizeLimit }} {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 8 }} {{- include "common.imagePullSecrets" . | nindent 6 }} diff --git a/kubernetes/aai/components/aai-babel/templates/secrets.yaml b/kubernetes/aai/components/aai-babel/templates/secrets.yaml index 9d7d2c5a80..3f2b97c210 100644 --- a/kubernetes/aai/components/aai-babel/templates/secrets.yaml +++ b/kubernetes/aai/components/aai-babel/templates/secrets.yaml @@ -21,11 +21,7 @@ kind: Secret metadata: name: {{ include "common.fullname" . }}-babel-secrets namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} + labels: {{- include "common.labels" . | nindent 4 }} type: Opaque data: {{ tpl (.Files.Glob "resources/config/auth/*").AsSecrets . | indent 2 }} diff --git a/kubernetes/aai/components/aai-babel/values.yaml b/kubernetes/aai/components/aai-babel/values.yaml index 54f8c5ea98..2a57bb23cc 100644 --- a/kubernetes/aai/components/aai-babel/values.yaml +++ b/kubernetes/aai/components/aai-babel/values.yaml @@ -25,10 +25,9 @@ global: {} ################################################################# # application image -image: onap/babel:1.13.3 +image: onap/babel:1.13.4 flavor: small -flavorOverride: small # default number of instances replicaCount: 1 @@ -85,16 +84,16 @@ resources: small: limits: cpu: "1" - memory: "4Gi" + memory: "3Gi" requests: - cpu: "0.5" + cpu: "200m" memory: "1Gi" large: limits: cpu: "4" - memory: "8Gi" + memory: "6Gi" requests: - cpu: "2" + cpu: "1" memory: "2Gi" unlimited: {} @@ -145,3 +144,15 @@ log: level: root: INFO logConfigMapNamePrefix: '{{ include "common.fullname" . }}' + +volumes: + artifactDataSizeLimit: 50Mi + babelLogsSizeLimit: 100Mi + tmpSizeLimit: 100Mi + +securityContext: + user_id: 1000 + group_id: 101 + +podAnnotations: + checksum/config: '{{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}' diff --git a/kubernetes/aai/components/aai-graphadmin/Chart.yaml b/kubernetes/aai/components/aai-graphadmin/Chart.yaml index 7c86fed9dd..13315415f2 100644 --- a/kubernetes/aai/components/aai-graphadmin/Chart.yaml +++ b/kubernetes/aai/components/aai-graphadmin/Chart.yaml @@ -22,7 +22,7 @@ apiVersion: v2 description: ONAP AAI GraphAdmin name: aai-graphadmin -version: 14.0.2 +version: 15.0.1 dependencies: - name: common diff --git a/kubernetes/aai/components/aai-graphadmin/resources/config/aaiconfig.properties b/kubernetes/aai/components/aai-graphadmin/resources/config/aaiconfig.properties index 8f63ac85ab..cf9164295a 100644 --- a/kubernetes/aai/components/aai-graphadmin/resources/config/aaiconfig.properties +++ b/kubernetes/aai/components/aai-graphadmin/resources/config/aaiconfig.properties @@ -5,7 +5,7 @@ # ================================================================================ # Copyright © 2018 AT&T Intellectual Property. All rights reserved. # Modifications Copyright © 2021 Orange -# Modifications Copyright © 2023 Nordix Foundation +# Modifications Copyright © 2023 Nordix Foundation # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -29,11 +29,11 @@ aai.server.url.base=http://aai.{{ include "common.namespace" . }}/aai/ aai.server.url=http://aai.{{ include "common.namespace" . }}/aai/{{ .Values.global.config.schema.version.api.default }}/ aai.global.callback.url=http://aai.{{ include "common.namespace" . }}/aai/ -{{ if or (.Values.global.config.basic.auth.enabled) ( include "common.onServiceMesh" .) }} +{{- if or (.Values.global.config.basic.auth.enabled) ( include "common.onServiceMesh" .) }} aai.tools.enableBasicAuth=true aai.tools.username={{ .Values.global.config.basic.auth.username }} aai.tools.password={{ .Values.global.config.basic.auth.passwd }} -{{ end }} +{{- end }} aai.notification.current.version={{ .Values.global.config.schema.version.api.default }} aai.notificationEvent.default.status=UNPROCESSED diff --git a/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties b/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties index d124f63141..cc6b5677c5 100644 --- a/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties +++ b/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties @@ -111,5 +111,11 @@ aperture.service.timeout-in-milliseconds=300000 #To Expose the Prometheus scraping endpoint management.server.port={{ .Values.service.actuatorPort }} management.endpoints.enabled-by-default=true -management.endpoints.web.exposure.include=info,health,prometheus +management.endpoints.web.exposure.include=* management.security.enabled=false + +# If true, the actuator health check will be overriden +# to use the AaiGraphChecker check instead. +# This does the same as the /echo endpoint, +# but doesn't show up in micrometer metrics +aai.actuator.echo.enabled={{ .Values.actuator.echo.enabled }} diff --git a/kubernetes/aai/components/aai-graphadmin/templates/aai-graph-kafka-user.yml b/kubernetes/aai/components/aai-graphadmin/templates/aai-graph-kafka-user.yml index 4e9bf7f7ff..04692fefcc 100644 --- a/kubernetes/aai/components/aai-graphadmin/templates/aai-graph-kafka-user.yml +++ b/kubernetes/aai/components/aai-graphadmin/templates/aai-graph-kafka-user.yml @@ -17,7 +17,7 @@ apiVersion: kafka.strimzi.io/v1beta2 kind: KafkaUser metadata: name: {{ include "common.release" . }}-{{ .Values.global.aaiGraphKafkaUser }} - labels: + labels: {{- include "common.labels" . | nindent 4 }} strimzi.io/cluster: {{ include "common.release" . }}-strimzi spec: authentication: diff --git a/kubernetes/aai/components/aai-graphadmin/templates/configmap.yaml b/kubernetes/aai/components/aai-graphadmin/templates/configmap.yaml index ddf752b480..1a32d7b516 100644 --- a/kubernetes/aai/components/aai-graphadmin/templates/configmap.yaml +++ b/kubernetes/aai/components/aai-graphadmin/templates/configmap.yaml @@ -25,11 +25,7 @@ kind: ConfigMap metadata: name: {{ include "common.fullname" . }} namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} + labels: {{- include "common.labels" . | nindent 4 }} {{- if .Values.global.jobs.migration.enabled }} annotations: "helm.sh/hook": pre-upgrade,pre-install @@ -47,11 +43,7 @@ kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-properties namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} + labels: {{- include "common.labels" . | nindent 4 }} {{- if .Values.global.jobs.migration.enabled }} annotations: "helm.sh/hook": pre-upgrade,pre-install @@ -68,11 +60,7 @@ kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-migration namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} + labels: {{- include "common.labels" . | nindent 4 }} annotations: "helm.sh/hook": pre-upgrade,pre-install "helm.sh/hook-weight": "0" diff --git a/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml b/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml index 6ac078b756..991727d7c6 100644 --- a/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml @@ -23,20 +23,7 @@ */}} apiVersion: apps/v1 kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - app.kubernetes.io/name: {{ include "common.name" . }} - {{- if .Chart.AppVersion }} - version: "{{ .Chart.AppVersion | replace "+" "_" }}" - {{- else }} - version: "{{ .Chart.Version | replace "+" "_" }}" - {{- end }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: {{- if .Values.config.debug.enabled }} replicas: 1 @@ -54,19 +41,7 @@ spec: matchLabels: app: {{ include "common.name" . }} template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - app.kubernetes.io/name: {{ include "common.name" . }} - {{- if .Chart.AppVersion }} - version: "{{ .Chart.AppVersion | replace "+" "_" }}" - {{- else }} - version: "{{ .Chart.Version | replace "+" "_" }}" - {{- end }} - name: {{ include "common.name" . }} - annotations: - checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: hostname: aai-graphadmin terminationGracePeriodSeconds: {{ .Values.service.terminationGracePeriodSeconds }} @@ -207,11 +182,14 @@ spec: serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: tmp-volume - emptyDir: {} + emptyDir: + sizeLimit: {{ .Values.volumes.tmpSizeLimit }} - name: logs - emptyDir: {} + emptyDir: + sizeLimit: {{ .Values.volumes.logSizeLimit }} - name: script-logs - emptyDir: {} + emptyDir: + sizeLimit: {{ .Values.volumes.scriptlogSizeLimit }} {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }} - name: config configMap: diff --git a/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml b/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml index 3f0c4e11e5..1cc431c94f 100644 --- a/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml +++ b/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml @@ -41,11 +41,7 @@ kind: Job metadata: name: {{ include "common.fullname" . }}-db-backup namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }}-job - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + labels: {{- include "common.labels" (dict "labels" .Values.labels "ignoreHelmChart" .Values.ignoreHelmChart "dot" . "suffix" "job") | nindent 4 }} annotations: "helm.sh/hook": pre-upgrade,pre-install "helm.sh/hook-weight": "2" @@ -54,38 +50,19 @@ spec: backoffLimit: 20 template: metadata: - labels: - app: {{ include "common.name" . }}-job - release: {{ include "common.release" . }} + labels: {{- include "common.labels" (dict "labels" .Values.labels "ignoreHelmChart" .Values.ignoreHelmChart "dot" . "suffix" "job") | nindent 8 }} name: {{ include "common.name" . }} spec: + {{ include "common.podSecurityContext" . | indent 6 | trim }} initContainers: {{- if eq .Values.global.jobs.migration.remoteCassandra.enabled false }} - - command: - - /bin/bash - - -c - - /app/ready.py --service-name {{ .Values.global.cassandra.serviceName }} - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-db-backup-readiness - resources: - limits: - cpu: "100m" - memory: "500Mi" - requests: - cpu: "3m" - memory: "20Mi" + {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.waitForCassandraService ) | indent 6 | trim}} {{- end }} containers: - name: {{ include "common.name" . }}-db-backup-job image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{ include "common.containerSecurityContext" . | indent 8 | trim }} command: - sh args: diff --git a/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml b/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml index e67479a1d5..19e62ae7c4 100644 --- a/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml +++ b/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml @@ -40,18 +40,12 @@ kind: Job metadata: name: {{ include "common.fullname" . }}-create-db-schema namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }}-job - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} + labels: {{- include "common.labels" (dict "labels" .Values.labels "ignoreHelmChart" .Values.ignoreHelmChart "dot" . "suffix" "job") | nindent 4 }} spec: backoffLimit: 20 template: metadata: - labels: - app: {{ include "common.name" . }}-job - release: {{ include "common.release" . }} + labels: {{- include "common.labels" (dict "labels" .Values.labels "ignoreHelmChart" .Values.ignoreHelmChart "dot" . "suffix" "job") | nindent 8 }} name: {{ include "common.name" . }} spec: initContainers: @@ -76,6 +70,17 @@ spec: - name: JVM_OPTS value: {{ .Values.config.debug.args | quote }} {{- end }} + {{- if .Values.config.env }} + {{- range $key,$value := .Values.config.env }} + - name: {{ $key | upper | quote}} + value: {{ $value | quote}} + {{- end }} + {{- end }} + - name: JAAS_CONFIG + valueFrom: + secretKeyRef: + name: {{ include "common.release" . }}-{{ .Values.global.aaiGraphKafkaUser }} + key: sasl.jaas.config ports: {{- if .Values.config.debug.enabled }} - containerPort: {{ .Values.service.debugPort }} diff --git a/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml b/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml index 4ec2306eca..f6f2f8b1a7 100644 --- a/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml +++ b/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml @@ -41,11 +41,7 @@ kind: Job metadata: name: {{ include "common.fullname" . }}-migration namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }}-job - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} + labels: {{- include "common.labels" (dict "labels" .Values.labels "ignoreHelmChart" .Values.ignoreHelmChart "dot" . "suffix" "job") | nindent 4 }} annotations: "helm.sh/hook": post-upgrade,post-rollback,post-install "helm.sh/hook-weight": "1" @@ -54,35 +50,12 @@ spec: backoffLimit: 20 template: metadata: - labels: - app: {{ include "common.name" . }}-job - release: {{ include "common.release" . }} + labels: {{- include "common.labels" (dict "labels" .Values.labels "ignoreHelmChart" .Values.ignoreHelmChart "dot" . "suffix" "job") | nindent 8 }} name: {{ include "common.name" . }} spec: + {{ include "common.podSecurityContext" . | indent 6 | trim }} initContainers: - - command: - - /app/ready.py - args: - - --service-name - - {{ .Values.global.cassandra.serviceName }} - - --service-name - - aai-schema-service - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness - resources: - limits: - cpu: "100m" - memory: "500Mi" - requests: - cpu: "3m" - memory: "20Mi" + {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.waitForWithSchemaService) | indent 6 | trim }} - command: - sh args: @@ -125,6 +98,7 @@ spec: echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }} sh docker-entrypoint.sh run_Migrations.sh -e UpdateAaiUriIndexMigration --commit --skipPreMigrationSnapShot --runDisabled RebuildAllEdges ; {{ include "common.serviceMesh.killSidecar" . | indent 11 | trim }} + {{ include "common.containerSecurityContext" . | indent 8 | trim }} volumeMounts: - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-realtime.properties name: config @@ -172,11 +146,7 @@ kind: Job metadata: name: {{ include "common.fullname" . }}-db-backup-job namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }}-db-backup-job - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + labels: {{- include "common.labels" (dict "labels" .Values.labels "ignoreHelmChart" .Values.ignoreHelmChart "dot" . "suffix" "db-backup-job") | nindent 4 }} annotations: "helm.sh/hook": pre-upgrade,pre-install "helm.sh/hook-weight": "2" @@ -185,9 +155,7 @@ spec: backoffLimit: 20 template: metadata: - labels: - app: {{ include "common.name" . }}-db-backup-job - release: {{ include "common.release" . }} + labels: {{- include "common.labels" (dict "labels" .Values.labels "ignoreHelmChart" .Values.ignoreHelmChart "dot" . "suffix" "db-backup-job") | nindent 8 }} name: {{ include "common.name" . }} spec: initContainers: diff --git a/kubernetes/aai/components/aai-graphadmin/templates/pv.yaml b/kubernetes/aai/components/aai-graphadmin/templates/pv.yaml index 563b920c04..cd72d7f219 100644 --- a/kubernetes/aai/components/aai-graphadmin/templates/pv.yaml +++ b/kubernetes/aai/components/aai-graphadmin/templates/pv.yaml @@ -16,16 +16,13 @@ {{- if .Values.global.jobs.migration.enabled -}} {{- if eq "True" (include "common.needPV" .) -}} +{{- if not .Values.persistence.storageClass -}} kind: PersistentVolume apiVersion: v1 metadata: name: {{ include "common.fullname" . }} namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" + labels: {{- include "common.labels" . | nindent 4 }} name: {{ include "common.fullname" . }} annotations: "helm.sh/hook": pre-upgrade,pre-install @@ -42,3 +39,4 @@ spec: path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath1 }} {{- end -}} {{- end -}} +{{- end -}} diff --git a/kubernetes/aai/components/aai-graphadmin/templates/pvc.yaml b/kubernetes/aai/components/aai-graphadmin/templates/pvc.yaml index bf8900686d..19c1016ca4 100644 --- a/kubernetes/aai/components/aai-graphadmin/templates/pvc.yaml +++ b/kubernetes/aai/components/aai-graphadmin/templates/pvc.yaml @@ -20,11 +20,7 @@ apiVersion: v1 metadata: name: {{ include "common.fullname" . }}-migration namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" + labels: {{- include "common.labels" . | nindent 4 }} annotations: "helm.sh/hook": pre-upgrade,pre-install "helm.sh/hook-weight": "-1" diff --git a/kubernetes/aai/components/aai-graphadmin/templates/service.yaml b/kubernetes/aai/components/aai-graphadmin/templates/service.yaml index 16924e9d5c..b7c09cfd0e 100644 --- a/kubernetes/aai/components/aai-graphadmin/templates/service.yaml +++ b/kubernetes/aai/components/aai-graphadmin/templates/service.yaml @@ -25,12 +25,7 @@ kind: Service metadata: name: {{ include "common.servicename" . }} namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - app.kubernetes.io/name: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} + labels: {{- include "common.labels" . | nindent 4 }} spec: type: {{ .Values.service.type }} ports: @@ -58,6 +53,4 @@ spec: name: {{ .Values.service.actuatorPortName }} targetPort: {{ .Values.service.appPort }} {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} + selector: {{- include "common.matchLabels" . | nindent 4 }} diff --git a/kubernetes/aai/components/aai-graphadmin/templates/servicemonitor.yaml b/kubernetes/aai/components/aai-graphadmin/templates/servicemonitor.yaml index c0d9f212b4..dc706029bf 100644 --- a/kubernetes/aai/components/aai-graphadmin/templates/servicemonitor.yaml +++ b/kubernetes/aai/components/aai-graphadmin/templates/servicemonitor.yaml @@ -1,3 +1,3 @@ {{- if .Values.metrics.serviceMonitor.enabled }} {{ include "common.serviceMonitor" . }} -{{- end }}
\ No newline at end of file +{{- end }} diff --git a/kubernetes/aai/components/aai-graphadmin/values.yaml b/kubernetes/aai/components/aai-graphadmin/values.yaml index dd95c8b67a..a2727757cf 100644 --- a/kubernetes/aai/components/aai-graphadmin/values.yaml +++ b/kubernetes/aai/components/aai-graphadmin/values.yaml @@ -103,7 +103,7 @@ global: # global defaults clients: SDNC,-1|MSO,-1|SO,-1|robot-ete,-1 # application image -image: onap/aai-graphadmin:1.14.7 +image: onap/aai-graphadmin:1.15.2 pullPolicy: Always restartPolicy: Always flavor: small @@ -194,6 +194,9 @@ config: - "-Dcom.sun.management.jmxremote.port=9999" - "-Dcom.sun.management.jmxremote.rmi.port=9999" - "-Djava.rmi.server.hostname=127.0.0.1" + env: + BOOTSTRAP_SERVERS: onap-strimzi-kafka-bootstrap:9092 + nodeSelector: {} @@ -214,6 +217,10 @@ startup: failureThreshold: 60 periodSeconds: 5 +actuator: + echo: + enabled: true + readinessCheck: waitForWithCreateSchemaEnabled: jobs: @@ -222,6 +229,23 @@ readinessCheck: services: - '{{ .Values.global.cassandra.serviceName }}' - aai-schema-service + waitForCassandra: + containers: + - aai-schema-service + apps: + - cassandra + waitForLocalCassandra: + containers: + - aai-schema-service + apps: + - aai-cassandra + waitForCassandraService: + services: + - '{{ .Values.global.cassandra.serviceName }}' + waitForWithSchemaService: + services: + - '{{ .Values.global.cassandra.serviceName }}' + - aai-schema-service service: type: ClusterIP @@ -284,8 +308,8 @@ resources: cpu: "1" memory: "4Gi" requests: - cpu: "0.5" - memory: "1.6Gi" + cpu: "500m" + memory: "1600Mi" large: limits: cpu: "2" @@ -312,9 +336,9 @@ metrics: selector: app: '{{ include "common.name" . }}' - chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}' - release: '{{ include "common.release" . }}' - heritage: '{{ .Release.Service }}' + helm.sh/chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}' + app.kubernetes.io/instance: '{{ include "common.release" . }}' + app.kubernetes.io/managed-by: '{{ .Release.Service }}' relabelings: [] @@ -362,3 +386,11 @@ kafkaUser: - name: AAI-EVENT type: topic operations: [Read, Write] + +volumes: + logSizeLimit: 64Mi + scriptlogSizeLimit: 300Mi + tmpSizeLimit: 500Mi + +podAnnotations: + checksum/config: '{{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}' diff --git a/kubernetes/aai/components/aai-modelloader/Chart.yaml b/kubernetes/aai/components/aai-modelloader/Chart.yaml index 5ce5902869..2f561334f5 100644 --- a/kubernetes/aai/components/aai-modelloader/Chart.yaml +++ b/kubernetes/aai/components/aai-modelloader/Chart.yaml @@ -17,7 +17,7 @@ apiVersion: v2 description: ONAP AAI modelloader name: aai-modelloader -version: 14.0.1 +version: 15.0.1 dependencies: - name: common diff --git a/kubernetes/aai/components/aai-modelloader/resources/config/log/logback.xml b/kubernetes/aai/components/aai-modelloader/resources/config/log/logback.xml index dd8da5951a..90579b04e6 100644 --- a/kubernetes/aai/components/aai-modelloader/resources/config/log/logback.xml +++ b/kubernetes/aai/components/aai-modelloader/resources/config/log/logback.xml @@ -142,6 +142,8 @@ <!-- Model Loader loggers --> <logger name="org.openecomp.modelloader" level="INFO" /> + <logger name="org.onap.sdc.impl.NotificationConsumer" level="WARN" /> + <!-- Other Loggers that may help troubleshoot --> <logger name="net.sf" level="WARN" /> <logger name="org.apache.commons.httpclient" level="WARN" /> diff --git a/kubernetes/aai/components/aai-modelloader/resources/config/model-loader.properties b/kubernetes/aai/components/aai-modelloader/resources/config/model-loader.properties index e32f48f77f..7c65c8683c 100644 --- a/kubernetes/aai/components/aai-modelloader/resources/config/model-loader.properties +++ b/kubernetes/aai/components/aai-modelloader/resources/config/model-loader.properties @@ -1,7 +1,7 @@ {{/* # Copyright © 2018 Amdocs, Bell Canada, AT&T # Modifications Copyright © 2021 Orange -# Modifications Copyright © 2023 Nordix Foundation +# Modifications Copyright © 2023 Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/kubernetes/aai/components/aai-modelloader/templates/configmap.yaml b/kubernetes/aai/components/aai-modelloader/templates/configmap.yaml index d3fd509dcd..c2984626b6 100644 --- a/kubernetes/aai/components/aai-modelloader/templates/configmap.yaml +++ b/kubernetes/aai/components/aai-modelloader/templates/configmap.yaml @@ -19,11 +19,7 @@ kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-prop namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} + labels: {{- include "common.labels" . | nindent 4 }} data: {{ tpl (.Files.Glob "resources/config/model-loader.properties").AsConfig . | indent 2 }} {{ tpl (.Files.Glob "resources/application.properties").AsConfig . | indent 2 }} @@ -33,10 +29,6 @@ kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-log namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} + labels: {{- include "common.labels" . | nindent 4 }} data: {{ tpl (.Files.Glob "resources/config/log/logback.xml").AsConfig . | indent 2 }} diff --git a/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml b/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml index 486ffbaa49..f3753d0040 100644 --- a/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml @@ -19,20 +19,7 @@ apiVersion: apps/v1 kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - app.kubernetes.io/name: {{ include "common.name" . }} - {{- if .Chart.AppVersion }} - version: "{{ .Chart.AppVersion | replace "+" "_" }}" - {{- else }} - version: "{{ .Chart.Version | replace "+" "_" }}" - {{- end }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: {{- if .Values.debug.enabled }} replicas: 1 @@ -51,17 +38,7 @@ spec: matchLabels: app: {{ include "common.name" . }} template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - app.kubernetes.io/name: {{ include "common.name" . }} - {{- if .Chart.AppVersion }} - version: "{{ .Chart.AppVersion | replace "+" "_" }}" - {{- else }} - version: "{{ .Chart.Version | replace "+" "_" }}" - {{- end }} - name: {{ include "common.name" . }} + metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }} @@ -69,10 +46,12 @@ spec: {{- if .Values.affinity }} affinity: {{ toYaml .Values.affinity | nindent 8 }} {{- end }} + {{ include "common.podSecurityContext" . | indent 6 | trim }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{ include "common.containerSecurityContext" . | indent 8 | trim }} env: - name: CONFIG_HOME value: /opt/app/model-loader/config/ @@ -90,8 +69,8 @@ spec: value: {{ .Values.debug.args | quote }} {{- end }} ports: - - containerPort: 9500 - name: http + - containerPort: {{ .Values.service.appPort }} + name: {{ .Values.service.appPortName }} {{- if .Values.debug.enabled }} - containerPort: {{ .Values.debug.port }} name: {{ .Values.debug.portName }} @@ -109,6 +88,8 @@ spec: name: prop-config - mountPath: {{ .Values.log.path }} name: logs + - mountPath: /tmp + name: tmp - mountPath: /opt/app/model-loader/logback.xml name: log-config subPath: logback.xml @@ -121,7 +102,11 @@ spec: configMap: name: {{ include "common.fullname" . }}-prop - name: logs - emptyDir: {} + emptyDir: + sizeLimit: {{ .Values.volumes.logSizeLimit }} + - name: tmp + emptyDir: + sizeLimit: {{ .Values.volumes.tmpSizeLimit }} {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }} - name: log-config configMap: diff --git a/kubernetes/aai/components/aai-modelloader/templates/podmonitor.yaml b/kubernetes/aai/components/aai-modelloader/templates/podmonitor.yaml index 1eb564ed72..961a850ee9 100644 --- a/kubernetes/aai/components/aai-modelloader/templates/podmonitor.yaml +++ b/kubernetes/aai/components/aai-modelloader/templates/podmonitor.yaml @@ -19,8 +19,7 @@ apiVersion: monitoring.coreos.com/v1 kind: PodMonitor metadata: name: {{ include "common.fullname" . }} - labels: - {{- include "common.labels" . | nindent 4 }} + labels: {{- include "common.labels" . | nindent 4 }} spec: selector: matchLabels: diff --git a/kubernetes/aai/components/aai-modelloader/values.yaml b/kubernetes/aai/components/aai-modelloader/values.yaml index b28989c78f..6c8cdb7d31 100644 --- a/kubernetes/aai/components/aai-modelloader/values.yaml +++ b/kubernetes/aai/components/aai-modelloader/values.yaml @@ -25,7 +25,6 @@ image: onap/model-loader:1.14.2 pullPolicy: Always restartPolicy: Always flavor: small -flavorOverride: small # Strimzi KafkaUser config kafkaUser: @@ -75,17 +74,22 @@ nodeSelector: {} affinity: {} +service: + # REST API port for the graphadmin microservice + appPortName: http + appPort: 9500 + # probe configuration parameters liveness: - initialDelaySeconds: 10 - periodSeconds: 10 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container enabled: true + path: /healthz + periodSeconds: 10 + initialDelaySeconds: 10 readiness: - initialDelaySeconds: 10 + path: /healthz periodSeconds: 10 + initialDelaySeconds: 10 resources: small: @@ -93,7 +97,7 @@ resources: cpu: "1" memory: "4Gi" requests: - cpu: "0.5" + cpu: "500m" memory: "1Gi" large: limits: @@ -136,3 +140,7 @@ log: level: root: INFO logConfigMapNamePrefix: '{{ include "common.fullname" . }}' + +volumes: + logSizeLimit: 64Mi + tmpSizeLimit: 100Mi diff --git a/kubernetes/aai/components/aai-resources/Chart.yaml b/kubernetes/aai/components/aai-resources/Chart.yaml index c67329d234..c83a28671c 100644 --- a/kubernetes/aai/components/aai-resources/Chart.yaml +++ b/kubernetes/aai/components/aai-resources/Chart.yaml @@ -18,7 +18,7 @@ apiVersion: v2 description: ONAP AAI resources name: aai-resources -version: 14.0.2 +version: 15.0.1 dependencies: - name: common @@ -30,3 +30,6 @@ dependencies: - name: serviceAccount version: ~13.x-0 repository: '@local' + - name: readinessCheck + version: ~13.x-0 + repository: '@local'
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-resources/resources/config/aaiconfig.properties b/kubernetes/aai/components/aai-resources/resources/config/aaiconfig.properties index 0f6f2923af..6392a8e0b0 100644 --- a/kubernetes/aai/components/aai-resources/resources/config/aaiconfig.properties +++ b/kubernetes/aai/components/aai-resources/resources/config/aaiconfig.properties @@ -91,7 +91,7 @@ aai.bulkconsumer.payloadoverride={{ .Values.config.bulk.override }} # # Indicator to enable or disable scheduled task (true/false) -aai.graph.checker.task.enabled=true +aai.graph.checker.task.enabled=false # Delay, in seconds, before the scheduled task is started, if enabled aai.graph.checker.task.delay=5 diff --git a/kubernetes/aai/components/aai-resources/resources/config/application-keycloak.properties b/kubernetes/aai/components/aai-resources/resources/config/application-keycloak.properties index 774e8bd5ca..738634d230 100644 --- a/kubernetes/aai/components/aai-resources/resources/config/application-keycloak.properties +++ b/kubernetes/aai/components/aai-resources/resources/config/application-keycloak.properties @@ -11,4 +11,4 @@ keycloak.public-client=true keycloak.principal-attribute=preferred_username keycloak.ssl-required=external -keycloak.bearer-only=true
\ No newline at end of file +keycloak.bearer-only=true diff --git a/kubernetes/aai/components/aai-resources/resources/config/application.properties b/kubernetes/aai/components/aai-resources/resources/config/application.properties index 5762460a02..eae146b845 100644 --- a/kubernetes/aai/components/aai-resources/resources/config/application.properties +++ b/kubernetes/aai/components/aai-resources/resources/config/application.properties @@ -107,7 +107,7 @@ schema.service.client=no-auth #to expose the Prometheus scraping endpoint management.server.port=8448 management.endpoints.enabled-by-default=true -management.endpoints.web.exposure.include=info,health,prometheus +management.endpoints.web.exposure.include=* endpoints.enabled={{ .Values.endpoints.enabled }} endpoints.info.enabled={{ .Values.endpoints.info.enabled }} endpoints.prometheus.enabled={{ .Values.metrics.serviceMonitor.enabled }} @@ -118,4 +118,10 @@ management.metrics.distribution.sla[http.server.requests]=20ms, 30ms, 40ms, 50ms #Add common tag for grouping all aai related metrics management.metrics.tags.group_id=aai #It is not advisable to use labels to store dimensions with high cardinality. Enable this option only for debug purposes. For more information: https://github.com/micrometer-metrics/micrometer/issues/1584 -scrape.uri.metrics=false
\ No newline at end of file +scrape.uri.metrics=false + +# If true, the actuator health check will be overriden +# to use the AaiGraphChecker check instead. +# This does the same as the /echo endpoint, +# but doesn't show up in micrometer metrics +aai.actuator.echo.enabled={{ .Values.actuator.echo.enabled }} diff --git a/kubernetes/aai/components/aai-resources/resources/config/janusgraph-cached.properties b/kubernetes/aai/components/aai-resources/resources/config/janusgraph-cached.properties deleted file mode 100644 index b6fdd4c58f..0000000000 --- a/kubernetes/aai/components/aai-resources/resources/config/janusgraph-cached.properties +++ /dev/null @@ -1,102 +0,0 @@ -{{/* -# -# ============LICENSE_START======================================================= -# org.onap.aai -# ================================================================================ -# Copyright © 2017 AT&T Intellectual Property. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============LICENSE_END========================================================= -# -# ECOMP is a trademark and service mark of AT&T Intellectual Property. -# -*/}} - -query.fast-property=true -query.smart-limit=false - -{{ if .Values.global.config.cluster.cassandra.dynamic }} - -storage.backend=cql -storage.hostname={{.Values.global.cassandra.serviceName}} -storage.cql.keyspace=aaigraph -storage.username={{.Values.global.cassandra.username}} -storage.password={{.Values.global.cassandra.password}} - -storage.cql.read-consistency-level=LOCAL_QUORUM -storage.cql.write-consistency-level=LOCAL_QUORUM -storage.cql.replication-factor={{.Values.global.cassandra.replicas}} -storage.cql.only-use-local-consistency-for-system-operations=true - -{{ else }} - -{{ if .Values.global.config.storage }} - -storage.backend={{ .Values.global.config.storage.backend }} - -{{ if eq .Values.global.config.storage.backend "cassandra" }} - -storage.hostname={{ .Values.global.config.storage.hostname }} -storage.cassandra.keyspace={{ .Values.global.config.storage.name }} - -storage.cassandra.read-consistency-level={{ .Values.global.config.storage.cassandra.readConsistency }} -storage.cassandra.write-consistency-level={{ .Values.global.config.storage.cassandra.writeConsistency }} -storage.cassandra.replication-factor={{ .Values.global.config.storage.cassandra.replicationFactor | int }} -storage.cassandra.astyanax.cluster-name= {{ .Values.global.config.storage.clusterName }} -storage.cassandra.astyanax.local-datacenter= {{ .Values.global.config.storage.localDataCenter }} - -storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }} -cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }} -log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }} - -{{ else if eq .Values.global.config.storage.backend "cql" }} - -storage.hostname={{ .Values.global.config.storage.hostname }} -storage.cql.keyspace={{ .Values.global.config.storage.name }} - -storage.cql.read-consistency-level={{ .Values.global.config.storage.cql.readConsistency }} -storage.cql.write-consistency-level={{ .Values.global.config.storage.cql.readConsistency }} -storage.cql.replication-factor={{ .Values.global.config.storage.cql.replicationFactor | int }} - -storage.cql.only-use-local-consistency-for-system-operations={{ .Values.global.config.storage.cql.localConsistencyForSysOps }} -storage.cql.cluster-name={{ .Values.global.config.storage.clusterName }} -storage.cql.local-datacenter={{ .Values.global.config.storage.localDataCenter }} - -storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }} -cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }} -log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }} - -{{ else if eq .Values.global.config.storage.backend "hbase" }} - -storage.hostname={{ .Values.global.config.storage.hostname }} -storage.hbase.table={{ .Values.global.config.storage.name }} - -storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }} -cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }} -log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }} - -{{ end }} - -{{ end }} - -{{ end }} - -storage.lock.wait-time=300 -#caching on -cache.db-cache = true -cache.db-cache-clean-wait = 20 -cache.db-cache-time = 180000 -cache.db-cache-size = 0.3 - -#load graphson file on startup -load.snapshot.file=false diff --git a/kubernetes/aai/components/aai-resources/resources/config/janusgraph-realtime.properties b/kubernetes/aai/components/aai-resources/resources/config/janusgraph-realtime.properties index 36940a8921..1f46755b83 100644 --- a/kubernetes/aai/components/aai-resources/resources/config/janusgraph-realtime.properties +++ b/kubernetes/aai/components/aai-resources/resources/config/janusgraph-realtime.properties @@ -16,12 +16,10 @@ # limitations under the License. # ============LICENSE_END========================================================= */}} - query.fast-property=true query.smart-limit=false -{{ if .Values.global.config.cluster.cassandra.dynamic }} - +{{- if .Values.global.config.cluster.cassandra.dynamic }} storage.backend=cql storage.hostname={{.Values.global.cassandra.serviceName}} storage.username={{.Values.global.cassandra.username}} @@ -34,21 +32,16 @@ storage.cql.write-consistency-level=LOCAL_QUORUM storage.cql.replication-factor={{.Values.global.cassandra.replicas}} storage.cql.only-use-local-consistency-for-system-operations=true -{{ if .Values.global.cassandra.partitionerName }} +{{- if .Values.global.cassandra.partitionerName }} storage.cql.partitioner-name={{ .Values.global.cassandra.partitionerName }} -{{ end }} - -{{ else }} - -{{ if .Values.global.config.storage }} - +{{- end }} +{{- else -}} +{{- if .Values.global.config.storage }} storage.backend={{ .Values.global.config.storage.backend }} - -{{ if eq .Values.global.config.storage.backend "cql" }} - +{{- if eq .Values.global.config.storage.backend "cql" }} storage.hostname={{ .Values.global.config.storage.hostname }} storage.cql.keyspace={{ .Values.global.config.storage.name }} -storage.cql.local-datacenter={{ .Values.global.config.storage.localDataCenter }} +storage.cql.local-datacenter={{ .Values.global.cassandra.localDataCenter }} storage.cql.read-consistency-level={{ .Values.global.config.storage.cql.readConsistency }} storage.cql.write-consistency-level={{ .Values.global.config.storage.cql.readConsistency }} @@ -56,26 +49,21 @@ storage.cql.replication-factor={{ .Values.global.config.storage.cql.replicationF storage.cql.only-use-local-consistency-for-system-operations={{ .Values.global.config.storage.cql.localConsistencyForSysOps }} storage.cql.cluster-name={{ .Values.global.config.storage.clusterName }} -storage.cql.local-datacenter={{ .Values.global.config.storage.localDataCenter }} +storage.cql.local-datacenter={{ .Values.global.cassandra.localDataCenter }} storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }} cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }} log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }} - {{ else if eq .Values.global.config.storage.backend "hbase" }} - storage.hostname={{ .Values.global.config.storage.hostname }} storage.hbase.table={{ .Values.global.config.storage.name }} storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }} cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }} log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }} - -{{ end }} - -{{ end }} - -{{ end }} +{{- end }} +{{- end }} +{{- end }} storage.lock.wait-time=300 @@ -83,16 +71,16 @@ storage.lock.wait-time=300 # Setting db-cache to false will ensure the fastest propagation of changes across servers # Setting db-cache to true will ensure fastest response times cache.db-cache={{ .Values.config.janusgraph.caching.enabled }} -{{ if .Values.config.janusgraph.caching.enabled }} +{{- if .Values.config.janusgraph.caching.enabled }} # cache-time in milliseconds cache.db-cache-time={{ .Values.config.janusgraph.caching.dbCacheTime }} cache.db-cache-size={{ .Values.config.janusgraph.caching.dbCacheSize }} cache.db-cache-clean-wait={{ .Values.config.janusgraph.caching.dbCacheCleanWait }} -{{ end }} +{{- end }} #load graphson file on startup load.snapshot.file=false -{{ if .Values.config.janusgraph.allowUpgrade }} +{{- if .Values.config.janusgraph.allowUpgrade }} graph.allow-upgrade=true -{{ end }} +{{- end }} diff --git a/kubernetes/aai/components/aai-resources/resources/config/localhost-access-logback.xml b/kubernetes/aai/components/aai-resources/resources/config/localhost-access-logback.xml index 07919a97a2..54c3d81e05 100644 --- a/kubernetes/aai/components/aai-resources/resources/config/localhost-access-logback.xml +++ b/kubernetes/aai/components/aai-resources/resources/config/localhost-access-logback.xml @@ -11,7 +11,7 @@ you may not use this file except in compliance with the License.
You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0
+ http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
@@ -105,4 +105,4 @@ %z - Custom pattern that parses the cert for the subject
%y - Custom pattern determines rest or dme2
-->
-*/}}
\ No newline at end of file +*/}}
diff --git a/kubernetes/aai/components/aai-resources/resources/config/logback.xml b/kubernetes/aai/components/aai-resources/resources/config/logback.xml index 441539361f..a90f354cbe 100644 --- a/kubernetes/aai/components/aai-resources/resources/config/logback.xml +++ b/kubernetes/aai/components/aai-resources/resources/config/logback.xml @@ -388,10 +388,10 @@ <logger name="org.onap.aai.aailog.logs.AaiScheduledTaskAuditLog" level="INFO"> <appender-ref ref="asyncAUDIT"/> </logger> - <logger name="org.onap.logging.filter.base.AbstractAuditLogFilter" level="INFO"> + <logger name="org.onap.logging.filter.base.AbstractAuditLogFilter" level={{ .Values.log.level.audit | upper | quote }}> <appender-ref ref="asyncAUDIT"/> </logger> - <logger name="org.onap.aai.aailog.logs.AaiDBMetricLog" level="INFO"> + <logger name="org.onap.aai.aailog.logs.AaiDBMetricLog" level={{ .Values.log.level.dbMetric | upper | quote }}> <appender-ref ref="asyncMETRIC"/> </logger> <logger name="org.onap.aai.aailog.logs.AaiDmaapMetricLog" level="INFO"> @@ -433,4 +433,4 @@ </if> <appender-ref ref="STDOUT"/> </root> -</configuration>
\ No newline at end of file +</configuration> diff --git a/kubernetes/aai/components/aai-resources/templates/aai-kafka-user.yml b/kubernetes/aai/components/aai-resources/templates/aai-kafka-user.yml index 6b703e7cdd..f6063a024d 100644 --- a/kubernetes/aai/components/aai-resources/templates/aai-kafka-user.yml +++ b/kubernetes/aai/components/aai-resources/templates/aai-kafka-user.yml @@ -17,7 +17,7 @@ apiVersion: kafka.strimzi.io/v1beta2 kind: KafkaUser metadata: name: {{ include "common.release" . }}-{{ .Values.global.aaiKafkaUser }} - labels: + labels: {{- include "common.labels" . | nindent 4 }} strimzi.io/cluster: {{ include "common.release" . }}-strimzi spec: authentication: diff --git a/kubernetes/aai/components/aai-resources/templates/autoscaling.yaml b/kubernetes/aai/components/aai-resources/templates/autoscaling.yaml new file mode 100644 index 0000000000..29b191b68d --- /dev/null +++ b/kubernetes/aai/components/aai-resources/templates/autoscaling.yaml @@ -0,0 +1,32 @@ +{{- if and .Values.autoscaling.enabled (not (or .Values.config.debug.enabled .Values.config.profiling.enabled)) }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: {{- include "common.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "common.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/kubernetes/aai/components/aai-resources/templates/configmap.yaml b/kubernetes/aai/components/aai-resources/templates/configmap.yaml index eccc4ba491..8e13c8c90d 100644 --- a/kubernetes/aai/components/aai-resources/templates/configmap.yaml +++ b/kubernetes/aai/components/aai-resources/templates/configmap.yaml @@ -20,16 +20,11 @@ kind: ConfigMap metadata: name: {{ include "common.fullname" . }} namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} + labels: {{- include "common.labels" . | nindent 4 }} data: {{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }} {{ tpl (.Files.Glob "resources/config/localhost-access-logback.xml").AsConfig . | indent 2 }} {{ tpl (.Files.Glob "resources/config/janusgraph-realtime.properties").AsConfig . | indent 2 }} -{{ tpl (.Files.Glob "resources/config/janusgraph-cached.properties").AsConfig . | indent 2 }} {{ tpl (.Files.Glob "resources/config/aaiconfig.properties").AsConfig . | indent 2 }} {{ tpl (.Files.Glob "resources/config/application.properties").AsConfig . | indent 2 }} {{ tpl (.Files.Glob "resources/config/application-keycloak.properties").AsConfig . | indent 2 }} diff --git a/kubernetes/aai/components/aai-resources/templates/deployment.yaml b/kubernetes/aai/components/aai-resources/templates/deployment.yaml index f00cb99d21..cb434ed2cd 100644 --- a/kubernetes/aai/components/aai-resources/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-resources/templates/deployment.yaml @@ -20,22 +20,15 @@ apiVersion: apps/v1 kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - app.kubernetes.io/name: {{ include "common.name" . }} - {{- if .Chart.AppVersion }} - version: "{{ .Chart.AppVersion | replace "+" "_" }}" - {{- else }} - version: "{{ .Chart.Version | replace "+" "_" }}" - {{- end }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: + {{- if or .Values.config.debug.enabled .Values.config.profiling.enabled }} + replicas: 1 + {{- else }} + {{- if not .Values.autoscaling.enabled }} replicas: {{ .Values.replicaCount }} + {{- end }} + {{- end }} revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} minReadySeconds: {{ .Values.minReadySeconds }} strategy: @@ -47,19 +40,7 @@ spec: matchLabels: app: {{ include "common.name" . }} template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - app.kubernetes.io/name: {{ include "common.name" . }} - {{- if .Chart.AppVersion }} - version: "{{ .Chart.AppVersion | replace "+" "_" }}" - {{- else }} - version: "{{ .Chart.Version | replace "+" "_" }}" - {{- end }} - name: {{ include "common.name" . }} - annotations: - checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + metadata: {{- include "common.templateMetadata" . | nindent 6 }} {{- if .Values.global.msbEnabled }} {{ $values := .Values }} msb.onap.org/service-info: '[ @@ -93,44 +74,20 @@ spec: spec: hostname: aai-resources terminationGracePeriodSeconds: {{ .Values.service.terminationGracePeriodSeconds }} + {{ include "common.podSecurityContext" . | indent 6 | trim }} initContainers: - - name: {{ include "common.name" . }}-readiness - command: - - /app/ready.py - args: - {{- if .Values.global.jobs.migration.enabled }} - - --job-name - - {{ include "common.release" . }}-aai-graphadmin-migration - {{- else }} - {{- if .Values.global.jobs.createSchema.enabled }} - - --job-name - - {{ include "common.release" . }}-aai-graphadmin-create-db-schema - {{- else }} - - --service-name - - {{ .Values.global.cassandra.serviceName }} - - --service-name - - aai-schema-service - {{- end }} - {{- end }} - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - resources: - limits: - cpu: "100m" - memory: "500Mi" - requests: - cpu: "3m" - memory: "20Mi" + {{- if .Values.global.jobs.migration.enabled }} + {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_migration) | nindent 8 }} + {{- else if .Values.global.jobs.createSchema.enabled }} + {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_createSchema) | nindent 8 }} + {{- else }} + {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_cassandra) | nindent 8 }} + {{- end }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{ include "common.containerSecurityContext" . | indent 8 | trim }} env: {{- if .Values.config.env }} {{- range $key,$value := .Values.config.env }} @@ -146,10 +103,6 @@ spec: - name: POST_JVM_ARGS value: {{ .Values.config.debug.args | quote }} {{- end }} - - name: LOCAL_USER_ID - value: {{ .Values.global.config.userId | quote }} - - name: LOCAL_GROUP_ID - value: {{ .Values.global.config.groupId | quote }} - name: INTERNAL_PORT_1 value: {{ .Values.service.resourcesPort | quote }} - name: INTERNAL_PORT_2 @@ -167,9 +120,6 @@ spec: - mountPath: /opt/app/aai-resources/resources/etc/appprops/janusgraph-realtime.properties name: {{ include "common.fullname" . }}-config subPath: janusgraph-realtime.properties - - mountPath: /opt/app/aai-resources/resources/etc/appprops/janusgraph-cached.properties - name: {{ include "common.fullname" . }}-config - subPath: janusgraph-cached.properties - mountPath: /opt/app/aai-resources/resources/etc/appprops/aaiconfig.properties name: {{ include "common.fullname" . }}-config subPath: aaiconfig.properties @@ -190,6 +140,8 @@ spec: - mountPath: /opt/app/aai-resources/resources/application-keycloak.properties name: {{ include "common.fullname" . }}-config subPath: application-keycloak.properties + - mountPath: /tmp + name: tmp ports: - containerPort: {{ .Values.service.resourcesPort }} name: {{ .Values.service.resourcesPortName }} @@ -220,33 +172,27 @@ spec: {{- if and .Values.liveness.enabled (not (or .Values.config.debug.enabled .Values.config.profiling.enabled)) }} livenessProbe: httpGet: - path: /aai/util/echo?action=checkDB - port: {{ .Values.service.resourcesPort }} - scheme: HTTP - httpHeaders: - - name: X-FromAppId - value: LivenessCheck - - name: X-TransactionId - value: LiveCheck_TID - - name: Accept - value: application/json + port: {{ .Values.service.metricsPort }} + path: {{ .Values.liveness.path }} + {{- if .Values.liveness.initialDelaySeconds }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + {{- end }} periodSeconds: {{ .Values.liveness.periodSeconds }} {{- end }} readinessProbe: httpGet: - path: /aai/util/echo?action=checkDB - port: {{ .Values.service.resourcesPort }} - scheme: HTTP - httpHeaders: - - name: X-FromAppId - value: ReadinessCheck - - name: X-TransactionId - value: ReadinessCheck_TID - - name: Accept - value: application/json + port: {{ .Values.service.metricsPort }} + path: {{ .Values.readiness.path }} + {{- if .Values.readiness.initialDelaySeconds }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + {{- end }} periodSeconds: {{ .Values.readiness.periodSeconds }} + startupProbe: + httpGet: + port: {{ .Values.service.metricsPort }} + path: {{ .Values.startup.path }} + failureThreshold: {{ .Values.startup.failureThreshold }} + periodSeconds: {{ .Values.startup.periodSeconds }} resources: {{ include "common.resources" . | nindent 10 }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }} @@ -259,7 +205,11 @@ spec: serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: logs - emptyDir: {} + emptyDir: + sizeLimit: {{ .Values.volumes.logSizeLimit }} + - name: tmp + emptyDir: + sizeLimit: {{ .Values.volumes.tmpSizeLimit }} {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }} - name: {{ include "common.fullname" . }}-config configMap: diff --git a/kubernetes/aai/components/aai-resources/templates/service.yaml b/kubernetes/aai/components/aai-resources/templates/service.yaml index 308dc052c8..605679ee52 100644 --- a/kubernetes/aai/components/aai-resources/templates/service.yaml +++ b/kubernetes/aai/components/aai-resources/templates/service.yaml @@ -19,12 +19,7 @@ kind: Service metadata: name: {{ include "common.servicename" . }} namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - app.kubernetes.io/name: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} + labels: {{- include "common.labels" . | nindent 4 }} spec: type: {{ .Values.service.type }} ports: @@ -54,8 +49,6 @@ spec: name: {{ .Values.service.metricsPortName }} targetPort: {{ .Values.service.metricsPortName }} {{- end }} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} + selector: {{- include "common.matchLabels" . | nindent 4 }} clusterIP: None sessionAffinity: {{ .Values.service.sessionAffinity }} diff --git a/kubernetes/aai/components/aai-resources/values.yaml b/kubernetes/aai/components/aai-resources/values.yaml index 630c88a244..7cba7a425e 100644 --- a/kubernetes/aai/components/aai-resources/values.yaml +++ b/kubernetes/aai/components/aai-resources/values.yaml @@ -134,11 +134,10 @@ aai_enpoints: url: external-system # application image -image: onap/aai-resources:1.14.7 +image: onap/aai-resources:1.15.2 pullPolicy: Always restartPolicy: Always flavor: small -flavorOverride: small # default number of instances replicaCount: 1 @@ -178,7 +177,7 @@ config: enabled: true # Documentation: https://docs.janusgraph.org/operations/cache/#database-level-caching dbCacheTime: 180000 # in milliseconds - dbCacheSize: 0.1 # percentage (expressed as a decimal between 0 and 1) of the total heap space available to the JVM running + dbCacheSize: 0.5 # percentage (expressed as a decimal between 0 and 1) of the total heap space available to the JVM running dbCacheCleanWait: 20 # in milliseconds # temporarily enable this to update the graph storage version # see: https://docs.janusgraph.org/changelog/#upgrade-instructions_9 @@ -209,7 +208,6 @@ config: # environment variables added to the launch of the image in deployment env: MIN_HEAP_SIZE: "512m" - MAX_HEAP_SIZE: "2g" MAX_METASPACE_SIZE: "512m" # adds jvm args for remote debugging the application @@ -239,14 +237,23 @@ affinity: {} # probe configuration parameters liveness: - initialDelaySeconds: 60 - periodSeconds: 60 enabled: true + path: /actuator/health/liveness + periodSeconds: 10 readiness: - initialDelaySeconds: 60 + path: /actuator/health/readiness periodSeconds: 10 +startup: + path: /actuator/health/liveness + failureThreshold: 60 + periodSeconds: 5 + +actuator: + echo: + enabled: true + service: type: ClusterIP resourcesPortName: http @@ -290,7 +297,7 @@ resources: large: limits: cpu: "8" - memory: "12Gi" + memory: "8Gi" requests: cpu: "4" memory: "6Gi" @@ -311,9 +318,15 @@ endpoints: info: enabled: true +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 3 + targetCPUUtilizationPercentage: 80 + metrics: serviceMonitor: - enabled: false + enabled: true targetPort: 8448 path: /actuator/prometheus basicAuth: @@ -341,9 +354,9 @@ metrics: ## selector: app: '{{ include "common.name" . }}' - chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}' - release: '{{ include "common.release" . }}' - heritage: '{{ .Release.Service }}' + helm.sh/chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}' + app.kubernetes.io/instance: '{{ include "common.release" . }}' + app.kubernetes.io/managed-by: '{{ .Release.Service }}' ## RelabelConfigs to apply to samples before scraping ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig @@ -373,8 +386,10 @@ serviceAccount: log: path: /var/log/onap level: - root: DEBUG - base: DEBUG # base package (org.onap.aai) + root: INFO + base: INFO # base package (org.onap.aai) + audit: WARN + dbMetric: WARN logConfigMapNamePrefix: '{{ include "common.fullname" . }}' # To make logback capping values configurable @@ -406,3 +421,26 @@ kafkaUser: - name: AAI-EVENT type: topic operations: [Read, Write] + +volumes: + logSizeLimit: 50Mi + tmpSizeLimit: 100Mi + +securityContext: + user_id: 1000 + group_id: 1000 + +readinessCheck: + wait_for_migration: + jobs: + - '{{ include "common.release" . }}-aai-graphadmin-migration' + wait_for_createSchema: + jobs: + - '{{ include "common.release" . }}-aai-graphadmin-create-db-schema' + wait_for_cassandra: + services: + - '{{ .Values.global.cassandra.serviceName }}' + - aai-schema-service + +podAnnotations: + checksum/config: '{{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}' diff --git a/kubernetes/aai/components/aai-schema-service/Chart.yaml b/kubernetes/aai/components/aai-schema-service/Chart.yaml index 47064859d5..b10eaa2e43 100644 --- a/kubernetes/aai/components/aai-schema-service/Chart.yaml +++ b/kubernetes/aai/components/aai-schema-service/Chart.yaml @@ -18,7 +18,7 @@ apiVersion: v2 description: ONAP AAI Schema Service name: aai-schema-service -version: 14.0.2 +version: 15.0.1 dependencies: - name: common diff --git a/kubernetes/aai/components/aai-schema-service/config/localhost-access-logback.xml b/kubernetes/aai/components/aai-schema-service/config/localhost-access-logback.xml index d062835849..36acef2c62 100644 --- a/kubernetes/aai/components/aai-schema-service/config/localhost-access-logback.xml +++ b/kubernetes/aai/components/aai-schema-service/config/localhost-access-logback.xml @@ -9,7 +9,7 @@ you may not use this file except in compliance with the License. You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 + http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, @@ -58,4 +58,4 @@ %z - Custom pattern that parses the cert for the subject %y - Custom pattern determines rest or dme2 --> -*/}}
\ No newline at end of file +*/}} diff --git a/kubernetes/aai/components/aai-schema-service/config/logback.xml b/kubernetes/aai/components/aai-schema-service/config/logback.xml index e91e257d14..11837c5bbc 100644 --- a/kubernetes/aai/components/aai-schema-service/config/logback.xml +++ b/kubernetes/aai/components/aai-schema-service/config/logback.xml @@ -10,7 +10,7 @@ you may not use this file except in compliance with the License. You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 + http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, @@ -295,7 +295,7 @@ <logger name="com.att.aft.dme2" level="WARN"/> - <root level="DEBUG"> + <root level={{ .Values.log.level.root | upper | quote }}> <appender-ref ref="STDOUT" /> <appender-ref ref="external"/> </root> diff --git a/kubernetes/aai/components/aai-schema-service/templates/configmap.yaml b/kubernetes/aai/components/aai-schema-service/templates/configmap.yaml index 957387158a..0490f4325a 100644 --- a/kubernetes/aai/components/aai-schema-service/templates/configmap.yaml +++ b/kubernetes/aai/components/aai-schema-service/templates/configmap.yaml @@ -19,11 +19,7 @@ kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-log namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} + labels: {{- include "common.labels" . | nindent 4 }} data: {{ tpl (.Files.Glob "config/logback.xml").AsConfig . | indent 2 }} --- @@ -32,11 +28,7 @@ kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-localhost-access-log namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} + labels: {{- include "common.labels" . | nindent 4 }} data: {{ tpl (.Files.Glob "config/localhost-access-logback.xml").AsConfig . | indent 2 }} --- @@ -45,11 +37,7 @@ kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-aaiconfig namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} + labels: {{- include "common.labels" . | nindent 4 }} data: {{ tpl (.Files.Glob "config/aaiconfig.properties").AsConfig . | indent 2 }} --- @@ -58,11 +46,7 @@ kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-springapp namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} + labels: {{- include "common.labels" . | nindent 4 }} data: {{ tpl (.Files.Glob "config/application.properties").AsConfig . | indent 2 }} --- @@ -71,10 +55,6 @@ kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-realm namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} + labels: {{- include "common.labels" . | nindent 4 }} data: {{ tpl (.Files.Glob "config/realm.properties").AsConfig . | indent 2 }} diff --git a/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml b/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml index d4041bed57..9fadcd7077 100644 --- a/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml @@ -19,22 +19,13 @@ apiVersion: apps/v1 kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - app.kubernetes.io/name: {{ include "common.name" . }} - {{- if .Chart.AppVersion }} - version: "{{ .Chart.AppVersion | replace "+" "_" }}" - {{- else }} - version: "{{ .Chart.Version | replace "+" "_" }}" - {{- end }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} +metadata: {{- include "common.resourceMetadata" (dict "dot" . "suffix" "" "labels" .Values.labels "annotations" .Values.annotations ) | nindent 2 }} spec: + {{- if .Values.debug.enabled }} + replicas: 1 + {{- else }} replicas: {{ .Values.replicaCount }} + {{- end }} revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} strategy: type: {{ .Values.updateStrategy.type }} @@ -47,29 +38,31 @@ spec: matchLabels: app: {{ include "common.name" . }} template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - app.kubernetes.io/name: {{ include "common.name" . }} - {{- if .Chart.AppVersion }} - version: "{{ .Chart.AppVersion | replace "+" "_" }}" - {{- else }} - version: "{{ .Chart.Version | replace "+" "_" }}" - {{- end }} - name: {{ include "common.name" . }} - annotations: - checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: + {{ include "common.podSecurityContext" . | indent 6 | trim }} + initContainers: + - command: ["cp", "-R", "/opt/app/aai-schema-service/.", "/opt/app/aai-schema-service_rw/"] + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: copy-base-folder + {{ include "common.containerSecurityContext" . | indent 8 | trim }} + resources: + limits: + cpu: 100m + memory: 200Mi + requests: + cpu: 3m + memory: 20Mi + volumeMounts: + - mountPath: /opt/app/aai-schema-service_rw + name: aai-schema-service containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{ include "common.containerSecurityContext" . | indent 8 | trim }} env: - - name: LOCAL_USER_ID - value: {{ .Values.securityContext.user_id | quote }} - - name: LOCAL_GROUP_ID - value: {{ .Values.securityContext.group_id | quote }} {{- if .Values.profiling.enabled }} - name: PRE_JVM_ARGS value: '{{ join " " .Values.profiling.args }}' @@ -79,6 +72,8 @@ spec: value: {{ .Values.debug.args | quote }} {{- end }} volumeMounts: + - mountPath: /opt/app/aai-schema-service + name: aai-schema-service - mountPath: /opt/app/aai-schema-service/resources/etc/appprops/aaiconfig.properties name: aaiconfig-conf subPath: aaiconfig.properties @@ -138,8 +133,12 @@ spec: - name: aai-common-aai-auth-mount secret: secretName: aai-common-aai-auth + - name: aai-schema-service + emptyDir: + sizeLimit: {{ .Values.volumes.aaiSizeLimit }} - name: logs - emptyDir: {} + emptyDir: + sizeLimit: {{ .Values.volumes.logSizeLimit }} {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }} - name: log-conf configMap: diff --git a/kubernetes/aai/components/aai-schema-service/templates/service.yaml b/kubernetes/aai/components/aai-schema-service/templates/service.yaml index 412b62c6fe..de0270f592 100644 --- a/kubernetes/aai/components/aai-schema-service/templates/service.yaml +++ b/kubernetes/aai/components/aai-schema-service/templates/service.yaml @@ -19,12 +19,7 @@ kind: Service metadata: name: {{ include "common.servicename" . }} namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - app.kubernetes.io/name: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} + labels: {{- include "common.labels" . | nindent 4 }} spec: type: {{ .Values.service.type }} ports: @@ -45,6 +40,4 @@ spec: name: {{ .Values.service.debugPortName }} targetPort: {{ .Values.service.debugPortName }} {{- end }} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} + selector: {{- include "common.matchLabels" . | nindent 4 }} diff --git a/kubernetes/aai/components/aai-schema-service/values.yaml b/kubernetes/aai/components/aai-schema-service/values.yaml index 12dfaea091..3763db940e 100644 --- a/kubernetes/aai/components/aai-schema-service/values.yaml +++ b/kubernetes/aai/components/aai-schema-service/values.yaml @@ -63,7 +63,7 @@ global: # global defaults image: onap/aai-schema-service:1.12.5 pullPolicy: Always restartPolicy: Always -flavorOverride: small +flavor: small # default number of instances replicaCount: 1 @@ -175,4 +175,13 @@ securityContext: #Log configuration log: path: /var/log/onap + level: + root: INFO logConfigMapNamePrefix: '{{ include "common.fullname" . }}' + +volumes: + logSizeLimit: 50Mi + aaiSizeLimit: 150Mi + +podAnnotations: + checksum/config: '{{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}' diff --git a/kubernetes/aai/components/aai-sparky-be/Chart.yaml b/kubernetes/aai/components/aai-sparky-be/Chart.yaml index 5f05c6d428..074e266228 100644 --- a/kubernetes/aai/components/aai-sparky-be/Chart.yaml +++ b/kubernetes/aai/components/aai-sparky-be/Chart.yaml @@ -17,7 +17,7 @@ apiVersion: v2 description: ONAP AAI sparky-be name: aai-sparky-be -version: 14.0.0 +version: 15.0.1 dependencies: - name: common @@ -29,3 +29,6 @@ dependencies: - name: serviceAccount version: ~13.x-0 repository: '@local' + - name: readinessCheck + version: ~13.x-0 + repository: '@local'
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-default.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-default.properties index 084f6e46bc..96c19d43d7 100644 --- a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-default.properties +++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-default.properties @@ -15,4 +15,4 @@ */}} oxm.apiVersion=v14 -oxm.apiVersionList=v8,v9,v10,v11,v12,v13,v14
\ No newline at end of file +oxm.apiVersionList=v8,v9,v10,v11,v12,v13,v14 diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-override.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-override.properties index 4465fb3e11..6fcdc3d405 100644 --- a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-override.properties +++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-override.properties @@ -15,4 +15,4 @@ */}} oxm.apiVersionOverride=v14 -oxm.apiVersionList=v8,v9,v10,v11,v12,v13,v14
\ No newline at end of file +oxm.apiVersionList=v8,v9,v10,v11,v12,v13,v14 diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-sync.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-sync.properties index 4fb10a21f7..e617554eb3 100644 --- a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-sync.properties +++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-sync.properties @@ -3,4 +3,4 @@ historicalEntitySyncEnabled=true autoSuggestSyncEnabled=true vnfAliasSyncEnabled=true geoSyncEnabled=true -viewInspectSyncEnabled=true
\ No newline at end of file +viewInspectSyncEnabled=true diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application/logback.xml b/kubernetes/aai/components/aai-sparky-be/resources/config/application/logback.xml index cd5338f5b3..5ceae5c641 100644 --- a/kubernetes/aai/components/aai-sparky-be/resources/config/application/logback.xml +++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application/logback.xml @@ -1,187 +1,187 @@ <configuration scan="true" scanPeriod="3 seconds" debug="false"> - <!--{{/* - # Copyright © 2018 AT&T - # Copyright © 2021 Orange - # - # Licensed under the Apache License, Version 2.0 (the "License"); - # you may not use this file except in compliance with the License. - # You may obtain a copy of the License at - # - # http://www.apache.org/licenses/LICENSE-2.0 - # - # Unless required by applicable law or agreed to in writing, software - # distributed under the License is distributed on an "AS IS" BASIS, - # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - # See the License for the specific language governing permissions and - # limitations under the License. - */}}--> - <!--<jmxConfigurator /> --> - <!-- directory path for all other type logs --> - - <property name="logDir" value="/var/log/onap" /> - - <!-- <ECOMP-component-name>::= "MSO" | "DCAE" | "ASDC " | "AAI" |"Policy" - | "SDNC" | "AC" --> - <property name="componentName" value="AAI-UI"></property> - - <!-- default eelf log file names --> - <property name="generalLogName" value="error" /> - <property name="metricsLogName" value="metrics" /> - <property name="auditLogName" value="audit" /> - <property name="debugLogName" value="debug" /> - - <property name="errorLogPattern" value="%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%mdc{RequestId}|%thread|AAIUI|%mdc{PartnerName}|%logger|%.-5level|%msg%n" /> - <property name="auditMetricPattern" value="%m%n" /> - - <property name="logDirectory" value="${logDir}/${componentName}" /> - - - <!-- Example evaluator filter applied against console appender --> - <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> - <encoder> - <pattern>${errorLogPattern}</pattern> - </encoder> - </appender> - - <!-- ============================================================================ --> - <!-- EELF Appenders --> - <!-- ============================================================================ --> - - <!-- The EELFAppender is used to record events to the general application - log --> - - <appender name="EELF" class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${logDirectory}/${generalLogName}.log</file> - <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/${generalLogName}.%d{yyyy-MM-dd}.log.zip +<!--{{/* + # Copyright © 2018 AT&T + # Copyright © 2021 Orange + # + # Licensed under the Apache License, Version 2.0 (the "License"); + # you may not use this file except in compliance with the License. + # You may obtain a copy of the License at + # + # http://www.apache.org/licenses/LICENSE-2.0 + # + # Unless required by applicable law or agreed to in writing, software + # distributed under the License is distributed on an "AS IS" BASIS, + # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + # See the License for the specific language governing permissions and + # limitations under the License. + */}}--> +<!--<jmxConfigurator /> --> +<!-- directory path for all other type logs --> + +<property name="logDir" value="/var/log/onap" /> + +<!-- <ECOMP-component-name>::= "MSO" | "DCAE" | "ASDC " | "AAI" |"Policy" + | "SDNC" | "AC" --> +<property name="componentName" value="AAI-UI"></property> + +<!-- default eelf log file names --> +<property name="generalLogName" value="error" /> +<property name="metricsLogName" value="metrics" /> +<property name="auditLogName" value="audit" /> +<property name="debugLogName" value="debug" /> + +<property name="errorLogPattern" value="%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%mdc{RequestId}|%thread|AAIUI|%mdc{PartnerName}|%logger|%.-5level|%msg%n" /> +<property name="auditMetricPattern" value="%m%n" /> + +<property name="logDirectory" value="${logDir}/${componentName}" /> + + +<!-- Example evaluator filter applied against console appender --> +<appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> + <encoder> + <pattern>${errorLogPattern}</pattern> + </encoder> +</appender> + +<!-- ============================================================================ --> +<!-- EELF Appenders --> +<!-- ============================================================================ --> + +<!-- The EELFAppender is used to record events to the general application + log --> + +<appender name="EELF" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${logDirectory}/${generalLogName}.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/${generalLogName}.%d{yyyy-MM-dd}.log.zip </fileNamePattern> - <maxHistory>60</maxHistory> - </rollingPolicy> - <encoder> - <pattern>${errorLogPattern}</pattern> - </encoder> - </appender> - <appender name="asyncEELF" class="ch.qos.logback.classic.AsyncAppender"> - <!-- deny all events with a level below INFO, that is TRACE and DEBUG --> - <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> - <level>INFO</level> - </filter> - <queueSize>256</queueSize> - <appender-ref ref="EELF" /> - </appender> - - - <!-- EELF Audit Appender. This appender is used to record audit engine related - logging events. The audit logger and appender are specializations of the - EELF application root logger and appender. This can be used to segregate - Policy engine events from other components, or it can be eliminated to record - these events as part of the application root log. --> - - <appender name="EELFAudit" class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${logDirectory}/${auditLogName}.log</file> - <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.log.zip + <maxHistory>60</maxHistory> + </rollingPolicy> + <encoder> + <pattern>${errorLogPattern}</pattern> + </encoder> +</appender> +<appender name="asyncEELF" class="ch.qos.logback.classic.AsyncAppender"> + <!-- deny all events with a level below INFO, that is TRACE and DEBUG --> + <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> + <level>INFO</level> + </filter> + <queueSize>256</queueSize> + <appender-ref ref="EELF" /> +</appender> + + +<!-- EELF Audit Appender. This appender is used to record audit engine related + logging events. The audit logger and appender are specializations of the + EELF application root logger and appender. This can be used to segregate + Policy engine events from other components, or it can be eliminated to record + these events as part of the application root log. --> + +<appender name="EELFAudit" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${logDirectory}/${auditLogName}.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.log.zip </fileNamePattern> - <maxHistory>60</maxHistory> - </rollingPolicy> - <encoder> - <pattern>${auditMetricPattern}</pattern> - </encoder> - </appender> - <appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>256</queueSize> - <appender-ref ref="EELFAudit" /> - </appender> - - <appender name="EELFMetrics" class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${logDirectory}/${metricsLogName}.log</file> - <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.log.zip + <maxHistory>60</maxHistory> + </rollingPolicy> + <encoder> + <pattern>${auditMetricPattern}</pattern> + </encoder> +</appender> +<appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>256</queueSize> + <appender-ref ref="EELFAudit" /> +</appender> + +<appender name="EELFMetrics" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${logDirectory}/${metricsLogName}.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.log.zip </fileNamePattern> - <maxHistory>60</maxHistory> - </rollingPolicy> - <encoder> - <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n"</pattern> --> - <pattern>${auditMetricPattern}</pattern> - </encoder> - </appender> - - - <appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>256</queueSize> - <appender-ref ref="EELFMetrics" /> - </appender> - - <appender name="EELFDebug" class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${logDirectory}/${debugLogName}.log</file> - <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.log.zip + <maxHistory>60</maxHistory> + </rollingPolicy> + <encoder> + <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n"</pattern> --> + <pattern>${auditMetricPattern}</pattern> + </encoder> +</appender> + + +<appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>256</queueSize> + <appender-ref ref="EELFMetrics" /> +</appender> + +<appender name="EELFDebug" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${logDirectory}/${debugLogName}.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.log.zip </fileNamePattern> - <maxHistory>60</maxHistory> - </rollingPolicy> - <encoder> - <pattern>${errorLogPattern}</pattern> - </encoder> - </appender> - - <appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>256</queueSize> - <appender-ref ref="EELFDebug" /> - <includeCallerData>false</includeCallerData> - </appender> - - <!-- ============================================================================ --> - <!-- EELF loggers --> - <!-- ============================================================================ --> - <logger name="com.att.eelf" level="info" additivity="false"> - <appender-ref ref="asyncEELF" /> - <appender-ref ref="asyncEELFDebug" /> - <appender-ref ref="STDOUT" /> - </logger> - - <logger name="com.att.eelf.audit" level="info" additivity="false"> - <appender-ref ref="asyncEELFAudit" /> - </logger> - <logger name="com.att.eelf.metrics" level="info" additivity="false"> - <appender-ref ref="asyncEELFMetrics" /> - </logger> - - <!-- Spring related loggers --> - <logger name="org.springframework" level="WARN" /> - <logger name="org.springframework.beans" level="WARN" /> - <logger name="org.springframework.web" level="WARN" /> - <logger name="com.blog.spring.jms" level="WARN" /> - - <!-- Sparky loggers --> - <logger name="org.onap" level="INFO"> - <appender-ref ref="STDOUT" /> - </logger> - - <!-- Other Loggers that may help troubleshoot --> - <logger name="net.sf" level="WARN" /> - <logger name="org.apache.commons.httpclient" level="WARN" /> - <logger name="org.apache.commons" level="WARN" /> - <logger name="org.apache.coyote" level="WARN" /> - <logger name="org.apache.jasper" level="WARN" /> - - <!-- Camel Related Loggers (including restlet/servlet/jaxrs/cxf logging. - May aid in troubleshooting) --> - <logger name="org.apache.camel" level="WARN" /> - <logger name="org.apache.cxf" level="WARN" /> - <logger name="org.apache.camel.processor.interceptor" level="WARN" /> - <logger name="org.apache.cxf.jaxrs.interceptor" level="WARN" /> - <logger name="org.apache.cxf.service" level="WARN" /> - <logger name="org.restlet" level="WARN" /> - <logger name="org.apache.camel.component.restlet" level="WARN" /> - - <!-- logback internals logging --> - <logger name="ch.qos.logback.classic" level="WARN" /> - <logger name="ch.qos.logback.core" level="WARN" /> - - <root> - <appender-ref ref="asyncEELF" /> - <appender-ref ref="STDOUT" /> - <!-- <appender-ref ref="asyncEELFDebug" /> --> - </root> - -</configuration>
\ No newline at end of file + <maxHistory>60</maxHistory> + </rollingPolicy> + <encoder> + <pattern>${errorLogPattern}</pattern> + </encoder> +</appender> + +<appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>256</queueSize> + <appender-ref ref="EELFDebug" /> + <includeCallerData>false</includeCallerData> +</appender> + +<!-- ============================================================================ --> +<!-- EELF loggers --> +<!-- ============================================================================ --> +<logger name="com.att.eelf" level="info" additivity="false"> + <appender-ref ref="asyncEELF" /> + <appender-ref ref="asyncEELFDebug" /> + <appender-ref ref="STDOUT" /> +</logger> + +<logger name="com.att.eelf.audit" level="info" additivity="false"> + <appender-ref ref="asyncEELFAudit" /> +</logger> +<logger name="com.att.eelf.metrics" level="info" additivity="false"> + <appender-ref ref="asyncEELFMetrics" /> +</logger> + +<!-- Spring related loggers --> +<logger name="org.springframework" level="WARN" /> +<logger name="org.springframework.beans" level="WARN" /> +<logger name="org.springframework.web" level="WARN" /> +<logger name="com.blog.spring.jms" level="WARN" /> + +<!-- Sparky loggers --> +<logger name="org.onap" level="INFO"> + <appender-ref ref="STDOUT" /> +</logger> + +<!-- Other Loggers that may help troubleshoot --> +<logger name="net.sf" level="WARN" /> +<logger name="org.apache.commons.httpclient" level="WARN" /> +<logger name="org.apache.commons" level="WARN" /> +<logger name="org.apache.coyote" level="WARN" /> +<logger name="org.apache.jasper" level="WARN" /> + +<!-- Camel Related Loggers (including restlet/servlet/jaxrs/cxf logging. + May aid in troubleshooting) --> +<logger name="org.apache.camel" level="WARN" /> +<logger name="org.apache.cxf" level="WARN" /> +<logger name="org.apache.camel.processor.interceptor" level="WARN" /> +<logger name="org.apache.cxf.jaxrs.interceptor" level="WARN" /> +<logger name="org.apache.cxf.service" level="WARN" /> +<logger name="org.restlet" level="WARN" /> +<logger name="org.apache.camel.component.restlet" level="WARN" /> + +<!-- logback internals logging --> +<logger name="ch.qos.logback.classic" level="WARN" /> +<logger name="ch.qos.logback.core" level="WARN" /> + +<root> + <appender-ref ref="asyncEELF" /> + <appender-ref ref="STDOUT" /> + <!-- <appender-ref ref="asyncEELFDebug" /> --> +</root> + +</configuration> diff --git a/kubernetes/aai/components/aai-sparky-be/templates/configmap.yaml b/kubernetes/aai/components/aai-sparky-be/templates/configmap.yaml index 7c958fa410..407850eb7f 100644 --- a/kubernetes/aai/components/aai-sparky-be/templates/configmap.yaml +++ b/kubernetes/aai/components/aai-sparky-be/templates/configmap.yaml @@ -17,13 +17,6 @@ --- apiVersion: v1 kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} data: {{ tpl (.Files.Glob "resources/config/application/*").AsConfig . | indent 2 }} diff --git a/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml index 3c0b4b9d92..ede5b60676 100644 --- a/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml @@ -22,7 +22,11 @@ kind: Deployment metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: selector: {{- include "common.selectors" . | nindent 4 }} + {{- if .Values.debug.enabled }} + replicas: 1 + {{- else }} replicas: {{ .Values.replicaCount }} + {{- end }} revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} strategy: type: {{ .Values.updateStrategy.type }} @@ -34,32 +38,14 @@ spec: template: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: + {{ include "common.podSecurityContext" . | indent 6 | trim }} initContainers: - - command: - - /app/ready.py - args: - - --service-name - - aai - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness - resources: - limits: - cpu: "100m" - memory: "500Mi" - requests: - cpu: "3m" - memory: "20Mi" + {{ include "common.readinessCheck.waitFor" . | nindent 8 }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{ include "common.containerSecurityContext" . | indent 8 | trim }} command: - sh args: @@ -154,9 +140,11 @@ spec: configMap: name: {{ include "common.fullname" . }} - name: logs - emptyDir: {} + emptyDir: + sizeLimit: {{ .Values.volumes.logSizeLimit }} {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }} - name: modeldir - emptyDir: {} + emptyDir: + sizeLimit: {{ .Values.volumes.modeldirSizeLimit }} restartPolicy: {{ .Values.global.restartPolicy | default .Values.restartPolicy }} {{- include "common.imagePullSecrets" . | nindent 6 }} diff --git a/kubernetes/aai/components/aai-sparky-be/values.yaml b/kubernetes/aai/components/aai-sparky-be/values.yaml index e017032b03..9cbe9e5fd2 100644 --- a/kubernetes/aai/components/aai-sparky-be/values.yaml +++ b/kubernetes/aai/components/aai-sparky-be/values.yaml @@ -33,7 +33,6 @@ image: onap/sparky-be:2.0.5 pullPolicy: Always restartPolicy: Always flavor: small -flavorOverride: small dockerhubRepository: registry.hub.docker.com ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 # application configuration @@ -129,23 +128,24 @@ serviceMesh: podAnnotations: sidecar.istio.io/rewriteAppHTTPProbers: "false" + checksum/config: '{{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}' # Configure resource requests and limits # ref: http://kubernetes.io/docs/user-guide/compute-resources/ resources: small: limits: - cpu: "0.5" + cpu: "500m" memory: "4Gi" requests: - cpu: "0.25" + cpu: "250m" memory: "1Gi" large: limits: cpu: "1" memory: "8Gi" requests: - cpu: "0.5" + cpu: "500m" memory: "2Gi" unlimited: {} @@ -159,3 +159,16 @@ serviceAccount: log: path: /var/log/onap logConfigMapNamePrefix: '{{ include "common.fullname" . }}' + +volumes: + logSizeLimit: 64Mi + modeldirSizeLimit: 64Mi + +securityContext: + user_id: 1000 + group_id: 1000 + +readinessCheck: + wait_for: + services: + - aai diff --git a/kubernetes/aai/components/aai-traversal/Chart.yaml b/kubernetes/aai/components/aai-traversal/Chart.yaml index 3b2d8b819e..f4e458f0fb 100644 --- a/kubernetes/aai/components/aai-traversal/Chart.yaml +++ b/kubernetes/aai/components/aai-traversal/Chart.yaml @@ -17,7 +17,7 @@ apiVersion: v2 description: ONAP AAI traversal name: aai-traversal -version: 14.0.2 +version: 15.0.1 dependencies: - name: common @@ -29,3 +29,6 @@ dependencies: - name: serviceAccount version: ~13.x-0 repository: '@local' + - name: readinessCheck + version: ~13.x-0 + repository: '@local' diff --git a/kubernetes/aai/components/aai-traversal/resources/config/application.properties b/kubernetes/aai/components/aai-traversal/resources/config/application.properties index da2703dd41..fff5d5d3d0 100644 --- a/kubernetes/aai/components/aai-traversal/resources/config/application.properties +++ b/kubernetes/aai/components/aai-traversal/resources/config/application.properties @@ -1,7 +1,7 @@ {{/* # Copyright © 2018 Amdocs, Bell Canada, AT&T # Modifications Copyright © 2020 Orange -# Modifications Copyright © 2023 Nordix Foundation +# Modifications Copyright � 2023 Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -26,11 +26,21 @@ spring.application.name=aai-traversal spring.jersey.type=filter spring.main.allow-bean-definition-overriding=true -server.servlet.context-path=/ +server.servlet.context-path=${schema.uri.base.path} spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration,org.keycloak.adapters.springboot.KeycloakAutoConfiguration,org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration,org.springframework.boot.actuate.autoconfigure.security.servlet.ManagementWebSecurityAutoConfiguration spring.profiles.active={{ .Values.global.config.profiles.active }} -spring.jersey.application-path=${schema.uri.base.path} +spring.jersey.application-path=/ + +spring.zipkin.baseUrl={{ .Values.tracing.collector.baseUrl }} +spring.sleuth.messaging.jms.enabled = false +spring.sleuth.trace-id128=true +spring.sleuth.sampler.probability={{ .Values.tracing.sampling.probability }} +spring.sleuth.propagation.type=w3c, b3 +spring.sleuth.supports-join=false +spring.sleuth.web.skip-pattern={{ join "," .Values.tracing.ignorePatterns }} + + #The max number of active threads in this pool server.tomcat.max-threads=200 #The minimum number of threads always kept alive @@ -49,7 +59,6 @@ server.ssl.enabled=false # JMS bind address host port jms.bind.address=tcp://localhost:61647 - # dmaap is deprecated now kafka is used spring.kafka.producer.bootstrap-servers=${BOOTSTRAP_SERVERS} spring.kafka.producer.properties.security.protocol=SASL_PLAINTEXT @@ -101,7 +110,8 @@ schema.service.client=no-auth #to expose the Prometheus scraping endpoint management.server.port=8448 management.endpoints.enabled-by-default=true -management.endpoints.web.exposure.include=info,health,prometheus +management.endpoints.web.exposure.include=* +management.security.enabled=false endpoints.enabled={{ .Values.endpoints.enabled }} endpoints.info.enabled={{ .Values.endpoints.info.enabled }} endpoints.prometheus.enabled={{ .Values.metrics.serviceMonitor.enabled }} @@ -113,3 +123,9 @@ management.metrics.distribution.sla[http.server.requests]=20ms, 30ms, 40ms, 50ms management.metrics.tags.group_id=aai #It is not advisable to use labels to store dimensions with high cardinality. Enable this option only for debug purposes. For more information: https://github.com/micrometer-metrics/micrometer/issues/1584 scrape.uri.metrics=false + +# If true, the actuator health check will be overriden +# to use the AaiGraphChecker check instead. +# This does the same as the /echo endpoint, +# but doesn't show up in micrometer metrics +aai.actuator.echo.enabled={{ .Values.actuator.echo.enabled }} diff --git a/kubernetes/aai/components/aai-traversal/resources/config/janusgraph-cached.properties b/kubernetes/aai/components/aai-traversal/resources/config/janusgraph-cached.properties deleted file mode 100644 index b6fdd4c58f..0000000000 --- a/kubernetes/aai/components/aai-traversal/resources/config/janusgraph-cached.properties +++ /dev/null @@ -1,102 +0,0 @@ -{{/* -# -# ============LICENSE_START======================================================= -# org.onap.aai -# ================================================================================ -# Copyright © 2017 AT&T Intellectual Property. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============LICENSE_END========================================================= -# -# ECOMP is a trademark and service mark of AT&T Intellectual Property. -# -*/}} - -query.fast-property=true -query.smart-limit=false - -{{ if .Values.global.config.cluster.cassandra.dynamic }} - -storage.backend=cql -storage.hostname={{.Values.global.cassandra.serviceName}} -storage.cql.keyspace=aaigraph -storage.username={{.Values.global.cassandra.username}} -storage.password={{.Values.global.cassandra.password}} - -storage.cql.read-consistency-level=LOCAL_QUORUM -storage.cql.write-consistency-level=LOCAL_QUORUM -storage.cql.replication-factor={{.Values.global.cassandra.replicas}} -storage.cql.only-use-local-consistency-for-system-operations=true - -{{ else }} - -{{ if .Values.global.config.storage }} - -storage.backend={{ .Values.global.config.storage.backend }} - -{{ if eq .Values.global.config.storage.backend "cassandra" }} - -storage.hostname={{ .Values.global.config.storage.hostname }} -storage.cassandra.keyspace={{ .Values.global.config.storage.name }} - -storage.cassandra.read-consistency-level={{ .Values.global.config.storage.cassandra.readConsistency }} -storage.cassandra.write-consistency-level={{ .Values.global.config.storage.cassandra.writeConsistency }} -storage.cassandra.replication-factor={{ .Values.global.config.storage.cassandra.replicationFactor | int }} -storage.cassandra.astyanax.cluster-name= {{ .Values.global.config.storage.clusterName }} -storage.cassandra.astyanax.local-datacenter= {{ .Values.global.config.storage.localDataCenter }} - -storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }} -cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }} -log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }} - -{{ else if eq .Values.global.config.storage.backend "cql" }} - -storage.hostname={{ .Values.global.config.storage.hostname }} -storage.cql.keyspace={{ .Values.global.config.storage.name }} - -storage.cql.read-consistency-level={{ .Values.global.config.storage.cql.readConsistency }} -storage.cql.write-consistency-level={{ .Values.global.config.storage.cql.readConsistency }} -storage.cql.replication-factor={{ .Values.global.config.storage.cql.replicationFactor | int }} - -storage.cql.only-use-local-consistency-for-system-operations={{ .Values.global.config.storage.cql.localConsistencyForSysOps }} -storage.cql.cluster-name={{ .Values.global.config.storage.clusterName }} -storage.cql.local-datacenter={{ .Values.global.config.storage.localDataCenter }} - -storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }} -cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }} -log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }} - -{{ else if eq .Values.global.config.storage.backend "hbase" }} - -storage.hostname={{ .Values.global.config.storage.hostname }} -storage.hbase.table={{ .Values.global.config.storage.name }} - -storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }} -cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }} -log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }} - -{{ end }} - -{{ end }} - -{{ end }} - -storage.lock.wait-time=300 -#caching on -cache.db-cache = true -cache.db-cache-clean-wait = 20 -cache.db-cache-time = 180000 -cache.db-cache-size = 0.3 - -#load graphson file on startup -load.snapshot.file=false diff --git a/kubernetes/aai/components/aai-traversal/resources/config/janusgraph-realtime.properties b/kubernetes/aai/components/aai-traversal/resources/config/janusgraph-realtime.properties index 36940a8921..47095adf93 100644 --- a/kubernetes/aai/components/aai-traversal/resources/config/janusgraph-realtime.properties +++ b/kubernetes/aai/components/aai-traversal/resources/config/janusgraph-realtime.properties @@ -20,7 +20,7 @@ query.fast-property=true query.smart-limit=false -{{ if .Values.global.config.cluster.cassandra.dynamic }} +{{- if .Values.global.config.cluster.cassandra.dynamic }} storage.backend=cql storage.hostname={{.Values.global.cassandra.serviceName}} @@ -34,21 +34,21 @@ storage.cql.write-consistency-level=LOCAL_QUORUM storage.cql.replication-factor={{.Values.global.cassandra.replicas}} storage.cql.only-use-local-consistency-for-system-operations=true -{{ if .Values.global.cassandra.partitionerName }} +{{- if .Values.global.cassandra.partitionerName }} storage.cql.partitioner-name={{ .Values.global.cassandra.partitionerName }} -{{ end }} +{{- end }} -{{ else }} +{{- else -}} -{{ if .Values.global.config.storage }} +{{- if .Values.global.config.storage }} storage.backend={{ .Values.global.config.storage.backend }} -{{ if eq .Values.global.config.storage.backend "cql" }} +{{- if eq .Values.global.config.storage.backend "cql" }} storage.hostname={{ .Values.global.config.storage.hostname }} storage.cql.keyspace={{ .Values.global.config.storage.name }} -storage.cql.local-datacenter={{ .Values.global.config.storage.localDataCenter }} +storage.cql.local-datacenter={{ .Values.global.cassandra.localDataCenter }} storage.cql.read-consistency-level={{ .Values.global.config.storage.cql.readConsistency }} storage.cql.write-consistency-level={{ .Values.global.config.storage.cql.readConsistency }} @@ -56,13 +56,13 @@ storage.cql.replication-factor={{ .Values.global.config.storage.cql.replicationF storage.cql.only-use-local-consistency-for-system-operations={{ .Values.global.config.storage.cql.localConsistencyForSysOps }} storage.cql.cluster-name={{ .Values.global.config.storage.clusterName }} -storage.cql.local-datacenter={{ .Values.global.config.storage.localDataCenter }} +storage.cql.local-datacenter={{ .Values.global.cassandra.localDataCenter }} storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }} cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }} log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }} -{{ else if eq .Values.global.config.storage.backend "hbase" }} +{{- else if eq .Values.global.config.storage.backend "hbase" -}} storage.hostname={{ .Values.global.config.storage.hostname }} storage.hbase.table={{ .Values.global.config.storage.name }} @@ -71,11 +71,9 @@ storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }} log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }} -{{ end }} - -{{ end }} - -{{ end }} +{{- end }} +{{- end }} +{{- end }} storage.lock.wait-time=300 @@ -83,16 +81,16 @@ storage.lock.wait-time=300 # Setting db-cache to false will ensure the fastest propagation of changes across servers # Setting db-cache to true will ensure fastest response times cache.db-cache={{ .Values.config.janusgraph.caching.enabled }} -{{ if .Values.config.janusgraph.caching.enabled }} +{{- if .Values.config.janusgraph.caching.enabled }} # cache-time in milliseconds cache.db-cache-time={{ .Values.config.janusgraph.caching.dbCacheTime }} cache.db-cache-size={{ .Values.config.janusgraph.caching.dbCacheSize }} cache.db-cache-clean-wait={{ .Values.config.janusgraph.caching.dbCacheCleanWait }} -{{ end }} +{{- end }} #load graphson file on startup load.snapshot.file=false -{{ if .Values.config.janusgraph.allowUpgrade }} +{{- if .Values.config.janusgraph.allowUpgrade }} graph.allow-upgrade=true -{{ end }} +{{- end }} diff --git a/kubernetes/aai/components/aai-traversal/resources/config/localhost-access-logback.xml b/kubernetes/aai/components/aai-traversal/resources/config/localhost-access-logback.xml index 5e3a15c66a..1e3756adc9 100644 --- a/kubernetes/aai/components/aai-traversal/resources/config/localhost-access-logback.xml +++ b/kubernetes/aai/components/aai-traversal/resources/config/localhost-access-logback.xml @@ -1,23 +1,23 @@ {{/*<!--
- ============LICENSE_START=======================================================
- org.onap.aai
- ================================================================================
- Copyright © 2017 AT&T Intellectual Property. All rights reserved.
- Modifications Copyright © 2018 Amdocs, Bell Canada
- Modifications Copyright © 2020 Orange
- ================================================================================
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
+ ============LICENSE_START=======================================================
+ org.onap.aai
+ ================================================================================
+ Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ Modifications Copyright © 2018 Amdocs, Bell Canada
+ Modifications Copyright © 2020 Orange
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0
+ http://www.apache.org/licenses/LICENSE-2.0
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- ============LICENSE_END=========================================================
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ ============LICENSE_END=========================================================
-->
*/}}
<configuration scan="true" scanPeriod="60 seconds" debug="false">
@@ -94,4 +94,4 @@ %z - Custom pattern that parses the cert for the subject
%y - Custom pattern determines rest or dme2
--->*/}}
\ No newline at end of file +-->*/}}
diff --git a/kubernetes/aai/components/aai-traversal/resources/config/logback.xml b/kubernetes/aai/components/aai-traversal/resources/config/logback.xml index 21f48f7c93..faae0ee518 100644 --- a/kubernetes/aai/components/aai-traversal/resources/config/logback.xml +++ b/kubernetes/aai/components/aai-traversal/resources/config/logback.xml @@ -1,23 +1,23 @@ {{/*<!-- - ============LICENSE_START======================================================= - org.onap.aai - ================================================================================ - Copyright © 2017 AT&T Intellectual Property. All rights reserved. - Modifications Copyright © 2018 Amdocs, Bell Canada - Modifications Copyright © 2020 Orange - ================================================================================ - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at + ============LICENSE_START======================================================= + org.onap.aai + ================================================================================ + Copyright © 2017 AT&T Intellectual Property. All rights reserved. + Modifications Copyright © 2018 Amdocs, Bell Canada + Modifications Copyright © 2020 Orange + ================================================================================ + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 + http://www.apache.org/licenses/LICENSE-2.0 - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. - ============LICENSE_END========================================================= + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + ============LICENSE_END========================================================= --> */}} <configuration scan="true" scanPeriod="60 seconds" debug="false"> @@ -432,4 +432,4 @@ </if> <appender-ref ref="STDOUT" /> </root> -</configuration>
\ No newline at end of file +</configuration> diff --git a/kubernetes/aai/components/aai-traversal/templates/aai-trav-kafka-user.yml b/kubernetes/aai/components/aai-traversal/templates/aai-trav-kafka-user.yml index 7c6a252315..966e5663f2 100644 --- a/kubernetes/aai/components/aai-traversal/templates/aai-trav-kafka-user.yml +++ b/kubernetes/aai/components/aai-traversal/templates/aai-trav-kafka-user.yml @@ -17,7 +17,7 @@ apiVersion: kafka.strimzi.io/v1beta2 kind: KafkaUser metadata: name: {{ include "common.release" . }}-{{ .Values.global.aaiTravKafkaUser }} - labels: + labels: {{- include "common.labels" . | nindent 4 }} strimzi.io/cluster: {{ include "common.release" . }}-strimzi spec: authentication: diff --git a/kubernetes/aai/components/aai-traversal/templates/autoscaling.yaml b/kubernetes/aai/components/aai-traversal/templates/autoscaling.yaml new file mode 100644 index 0000000000..a14a9b5bda --- /dev/null +++ b/kubernetes/aai/components/aai-traversal/templates/autoscaling.yaml @@ -0,0 +1,29 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "common.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/kubernetes/aai/components/aai-traversal/templates/configmap.yaml b/kubernetes/aai/components/aai-traversal/templates/configmap.yaml index e3d7299c3a..e9415df278 100644 --- a/kubernetes/aai/components/aai-traversal/templates/configmap.yaml +++ b/kubernetes/aai/components/aai-traversal/templates/configmap.yaml @@ -18,19 +18,11 @@ apiVersion: v1 kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} data: {{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }} {{ tpl (.Files.Glob "resources/config/localhost-access-logback.xml").AsConfig . | indent 2 }} {{ tpl (.Files.Glob "resources/config/janusgraph-realtime.properties").AsConfig . | indent 2 }} -{{ tpl (.Files.Glob "resources/config/janusgraph-cached.properties").AsConfig . | indent 2 }} {{ tpl (.Files.Glob "resources/config/aaiconfig.properties").AsConfig . | indent 2 }} {{ tpl (.Files.Glob "resources/config/application.properties").AsConfig . | indent 2 }} {{ tpl (.Files.Glob "resources/config/application-keycloak.properties").AsConfig . | indent 2 }} diff --git a/kubernetes/aai/components/aai-traversal/templates/deployment.yaml b/kubernetes/aai/components/aai-traversal/templates/deployment.yaml index d8977520a5..d12fc6b702 100644 --- a/kubernetes/aai/components/aai-traversal/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-traversal/templates/deployment.yaml @@ -20,22 +20,15 @@ apiVersion: apps/v1 kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - app.kubernetes.io/name: {{ include "common.name" . }} - {{- if .Chart.AppVersion }} - version: "{{ .Chart.AppVersion | replace "+" "_" }}" - {{- else }} - version: "{{ .Chart.Version | replace "+" "_" }}" - {{- end }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: + {{- if or .Values.config.debug.enabled .Values.config.profiling.enabled }} + replicas: 1 + {{- else }} + {{- if not .Values.autoscaling.enabled }} replicas: {{ .Values.replicaCount }} + {{- end }} + {{- end }} revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} minReadySeconds: {{ .Values.minReadySeconds }} strategy: @@ -47,19 +40,7 @@ spec: matchLabels: app: {{ include "common.name" . }} template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - app.kubernetes.io/name: {{ include "common.name" . }} - {{- if .Chart.AppVersion }} - version: "{{ .Chart.AppVersion | replace "+" "_" }}" - {{- else }} - version: "{{ .Chart.Version | replace "+" "_" }}" - {{- end }} - name: {{ include "common.name" . }} - annotations: - checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + metadata: {{- include "common.templateMetadata" . | nindent 6 }} {{- if .Values.global.msbEnabled }} {{ $values := .Values }} msb.onap.org/service-info: '[ @@ -113,43 +94,19 @@ spec: hostname: aai-traversal terminationGracePeriodSeconds: {{ .Values.service.terminationGracePeriodSeconds }} initContainers: - - command: - - /app/ready.py - args: {{- if .Values.global.jobs.migration.enabled }} - - --job-name - - {{ include "common.release" . }}-aai-graphadmin-migration - {{- else }} - {{- if .Values.global.jobs.createSchema.enabled }} - - --job-name - - {{ include "common.release" . }}-aai-graphadmin-create-db-schema - {{- else }} - - --service-name - - {{ .Values.global.cassandra.serviceName }} - - --service-name - - aai-schema-service - {{- end }} + {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_migration) | nindent 8 }} + {{- else if .Values.global.jobs.createSchema.enabled }} + {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_createSchema) | nindent 8 }} + {{- else }} + {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_cassandra) | nindent 8 }} {{- end }} - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness - resources: - limits: - cpu: "100m" - memory: "500Mi" - requests: - cpu: "3m" - memory: "20Mi" + {{ include "common.podSecurityContext" . | indent 6 | trim }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{ include "common.containerSecurityContext" . | indent 8 | trim }} env: {{- if .Values.config.env }} {{- range $key,$value := .Values.config.env }} @@ -157,6 +114,13 @@ spec: value: {{ $value | quote}} {{- end }} {{- end }} + {{- if eq .Values.flavor "small" }} + - name: MAX_HEAP_SIZE + value: {{ .Values.small.maxHeapSize | quote }} + {{- else if eq .Values.flavor "large" }} + - name: MAX_HEAP_SIZE + value: {{ .Values.large.maxHeapSize | quote }} + {{- end }} {{- if .Values.config.profiling.enabled }} - name: PRE_JVM_ARGS value: '{{ join " " .Values.config.profiling.args }}' @@ -167,10 +131,6 @@ spec: {{- end }} - name: DISABLE_UPDATE_QUERY value: {{ .Values.config.disableUpdateQuery | quote }} - - name: LOCAL_USER_ID - value: {{ .Values.global.config.userId | quote }} - - name: LOCAL_GROUP_ID - value: {{ .Values.global.config.groupId | quote }} - name: INTERNAL_PORT_1 value: {{ .Values.service.traversalPort | quote }} - name: INTERNAL_PORT_2 @@ -188,9 +148,6 @@ spec: - mountPath: /opt/app/aai-traversal/resources/etc/appprops/janusgraph-realtime.properties name: {{ include "common.fullname" . }}-config subPath: janusgraph-realtime.properties - - mountPath: /opt/app/aai-traversal/resources/etc/appprops/janusgraph-cached.properties - name: {{ include "common.fullname" . }}-config - subPath: janusgraph-cached.properties - mountPath: /opt/app/aai-traversal/resources/etc/appprops/aaiconfig.properties name: {{ include "common.fullname" . }}-config subPath: aaiconfig.properties @@ -213,6 +170,8 @@ spec: - mountPath: /opt/app/aai-traversal/resources/application-keycloak.properties name: {{ include "common.fullname" . }}-config subPath: application-keycloak.properties + - mountPath: /tmp + name: tmp ports: - containerPort: {{ .Values.service.traversalPort }} name: {{ .Values.service.traversalPortName }} @@ -243,41 +202,27 @@ spec: {{- if and .Values.liveness.enabled (not (or .Values.config.debug.enabled .Values.config.profiling.enabled)) }} livenessProbe: httpGet: - path: /aai/util/echo?action=checkDB - port: {{ .Values.service.traversalPort }} - scheme: HTTP - httpHeaders: - - name: X-FromAppId - value: LivenessCheck - - name: X-TransactionId - value: LiveCheck_TID - - name: Accept - value: application/json + port: {{ .Values.service.metricsPort }} + path: {{ .Values.liveness.path }} + {{- if .Values.liveness.initialDelaySeconds }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + {{- end }} periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end }} + {{- end }} readinessProbe: httpGet: - path: /aai/util/echo?action=checkDB - port: {{ .Values.service.traversalPort }} - scheme: HTTP - httpHeaders: - - name: X-FromAppId - value: ReadinessCheck - - name: X-TransactionId - value: ReadinessCheck_TID - - name: Accept - value: application/json + port: {{ .Values.service.metricsPort }} + path: {{ .Values.readiness.path }} + {{- if .Values.readiness.initialDelaySeconds }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + {{- end }} periodSeconds: {{ .Values.readiness.periodSeconds }} resources: {{ include "common.resources" . | nindent 10 }} {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 8 }} + nodeSelector: {{ toYaml .Values.nodeSelector | indent 8 }} {{- end }} {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 8 }} + affinity: {{ toYaml .Values.affinity | indent 8 }} {{- end }} # side car containers @@ -285,9 +230,14 @@ spec: serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: logs - emptyDir: {} + emptyDir: + sizeLimit: {{ .Values.volumes.logSizeLimit }} + - name: tmp + emptyDir: + sizeLimit: {{ .Values.volumes.tmpSizeLimit }} - name: {{ include "common.fullname" . }}-logs-misc - emptyDir: {} + emptyDir: + sizeLimit: {{ .Values.volumes.logmiscSizeLimit }} {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }} - name: {{ include "common.fullname" . }}-config configMap: diff --git a/kubernetes/aai/components/aai-traversal/templates/job.yaml b/kubernetes/aai/components/aai-traversal/templates/job.yaml index 3977f827d6..3ea973fb99 100644 --- a/kubernetes/aai/components/aai-traversal/templates/job.yaml +++ b/kubernetes/aai/components/aai-traversal/templates/job.yaml @@ -24,11 +24,7 @@ kind: Job metadata: name: {{ include "common.fullname" . }}-update-query-data namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} + labels: {{- include "common.labels" . | nindent 4 }} {{ if .Values.global.jobs.migration.enabled }} annotations: "helm.sh/hook": post-upgrade,post-rollback,post-install @@ -38,33 +34,12 @@ metadata: spec: template: metadata: - labels: - app: {{ include "common.name" . }}-job - release: {{ include "common.release" . }} + labels: {{- include "common.labels" (dict "labels" .Values.labels "ignoreHelmChart" .Values.ignoreHelmChart "dot" . "suffix" "job") | nindent 8 }} name: {{ include "common.name" . }} spec: + {{ include "common.podSecurityContext" . | indent 6 | trim }} initContainers: - - name: {{ include "common.name" . }}-readiness - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - /app/ready.py - args: - - --service-name - - aai - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - resources: - limits: - cpu: "100m" - memory: "500Mi" - requests: - cpu: "3m" - memory: "20Mi" + {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_service) | nindent 6 }} - name: {{ include "common.name" . }}-wait-for-aai-haproxy image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} @@ -72,6 +47,8 @@ spec: - sh - "-c" - | + set -x; + until nc -w10 -z -v aai.{{.Release.Namespace}} 80; do echo "Retrying to reach aai on port 80"; sleep 1; @@ -83,6 +60,16 @@ spec: requests: cpu: "3m" memory: "20Mi" + securityContext: + runAsUser: 100 + runAsGroup: 65533 + readOnlyRootFilesystem: true + privileged: false + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + - CAP_NET_RAW containers: - name: {{ include "common.name" . }}-job image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} @@ -99,20 +86,12 @@ spec: sh -x /opt/app/aai-traversal/bin/install/updateQueryData.sh ; {{ include "common.serviceMesh.killSidecar" . | indent 11 | trim }} - - env: - - name: LOCAL_USER_ID - value: {{ .Values.global.config.userId | quote }} - - name: LOCAL_GROUP_ID - value: {{ .Values.global.config.groupId | quote }} + {{ include "common.containerSecurityContext" . | indent 8 | trim }} resources: {{ include "common.resources" . | nindent 10 }} volumeMounts: - mountPath: /opt/app/aai-traversal/resources/etc/appprops/janusgraph-realtime.properties name: {{ include "common.fullname" . }}-config subPath: janusgraph-realtime.properties - - mountPath: /opt/app/aai-traversal/resources/etc/appprops/janusgraph-cached.properties - name: {{ include "common.fullname" . }}-config - subPath: janusgraph-cached.properties - mountPath: /opt/app/aai-traversal/resources/etc/appprops/aaiconfig.properties name: {{ include "common.fullname" . }}-config subPath: aaiconfig.properties @@ -134,9 +113,11 @@ spec: serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: {{ include "common.fullname" . }}-logs - emptyDir: {} + emptyDir: + sizeLimit: {{ .Values.volumes.logSizeLimit }} - name: {{ include "common.fullname" . }}-logs-misc - emptyDir: {} + emptyDir: + sizeLimit: {{ .Values.volumes.logmiscSizeLimit }} {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }} - name: {{ include "common.fullname" . }}-config configMap: diff --git a/kubernetes/aai/components/aai-traversal/templates/service.yaml b/kubernetes/aai/components/aai-traversal/templates/service.yaml index 49ed56306a..60e8efc2ad 100644 --- a/kubernetes/aai/components/aai-traversal/templates/service.yaml +++ b/kubernetes/aai/components/aai-traversal/templates/service.yaml @@ -19,12 +19,7 @@ kind: Service metadata: name: {{ include "common.servicename" . }} namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - app.kubernetes.io/name: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} + labels: {{- include "common.labels" . | nindent 4 }} spec: type: {{ .Values.service.type }} ports: @@ -54,8 +49,6 @@ spec: name: {{ .Values.service.metricsPortName }} targetPort: {{ .Values.service.metricsPortName }} {{- end }} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} + selector: {{- include "common.matchLabels" . | nindent 4 }} clusterIP: None sessionAffinity: {{ .Values.service.sessionAffinity }} diff --git a/kubernetes/aai/components/aai-traversal/templates/servicemonitor.yaml b/kubernetes/aai/components/aai-traversal/templates/servicemonitor.yaml index c0d9f212b4..dc706029bf 100644 --- a/kubernetes/aai/components/aai-traversal/templates/servicemonitor.yaml +++ b/kubernetes/aai/components/aai-traversal/templates/servicemonitor.yaml @@ -1,3 +1,3 @@ {{- if .Values.metrics.serviceMonitor.enabled }} {{ include "common.serviceMonitor" . }} -{{- end }}
\ No newline at end of file +{{- end }} diff --git a/kubernetes/aai/components/aai-traversal/values.yaml b/kubernetes/aai/components/aai-traversal/values.yaml index 6b268cae42..fd8206865e 100644 --- a/kubernetes/aai/components/aai-traversal/values.yaml +++ b/kubernetes/aai/components/aai-traversal/values.yaml @@ -111,11 +111,10 @@ global: # global defaults someConfig: random # application image -image: onap/aai-traversal:1.14.7 +image: onap/aai-traversal:1.15.2 pullPolicy: Always restartPolicy: Always flavor: small -flavorOverride: small # the minimum number of seconds that a newly created Pod should be ready minReadySeconds: 30 updateStrategy: @@ -197,7 +196,6 @@ config: # environment variables added to the launch of the image in deployment env: MIN_HEAP_SIZE: "512m" - MAX_HEAP_SIZE: "2g" MAX_METASPACE_SIZE: "512m" # POST_JVM_ARGS: "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5005" @@ -259,14 +257,20 @@ affinity: {} # probe configuration parameters liveness: + path: /actuator/health/liveness initialDelaySeconds: 60 periodSeconds: 60 enabled: true readiness: + path: /actuator/health/readiness initialDelaySeconds: 10 periodSeconds: 10 +actuator: + echo: + enabled: true + service: type: ClusterIP traversalPortName: http @@ -321,6 +325,19 @@ resources: memory: "4Gi" unlimited: {} +# define the heap size for the JVM +# according to the resource flavor +small: + maxHeapSize: "2500m" +large: + maxHeapSize: "3g" + +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 3 + targetCPUUtilizationPercentage: 80 + tracing: collector: baseUrl: http://jaeger-collector.istio-system:9411 @@ -336,9 +353,12 @@ endpoints: info: enabled: true +podAnnotations: + checksum/config: '{{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}' + metrics: serviceMonitor: - enabled: false + enabled: true targetPort: 8448 path: /actuator/prometheus basicAuth: @@ -366,9 +386,9 @@ metrics: ## selector: app: '{{ include "common.name" . }}' - chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}' - release: '{{ include "common.release" . }}' - heritage: '{{ .Release.Service }}' + helm.sh/chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}' + app.kubernetes.io/instance: '{{ include "common.release" . }}' + app.kubernetes.io/managed-by: '{{ .Release.Service }}' ## RelabelConfigs to apply to samples before scraping ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig @@ -398,9 +418,33 @@ serviceAccount: log: path: /var/log/onap level: - root: DEBUG - base: DEBUG # base package (org.onap.aai) + root: INFO + base: INFO # base package (org.onap.aai) logConfigMapNamePrefix: '{{ include "common.fullname" . }}' + +volumes: + logSizeLimit: 50Mi + logmiscSizeLimit: 50Mi + tmpSizeLimit: 100Mi + +securityContext: + user_id: 1000 + group_id: 1000 + +readinessCheck: + wait_for_migration: + jobs: + - '{{ include "common.release" . }}-aai-graphadmin-migration' + wait_for_createSchema: + jobs: + - '{{ include "common.release" . }}-aai-graphadmin-create-db-schema' + wait_for_cassandra: + services: + - '{{ .Values.global.cassandra.serviceName }}' + - aai-schema-service + wait_for_service: + services: + - aai ################################################################# # Secrets metaconfig ################################################################# diff --git a/kubernetes/aai/resources/config/haproxy/resolvers.conf b/kubernetes/aai/resources/config/haproxy/resolvers.conf new file mode 100644 index 0000000000..c456e3526a --- /dev/null +++ b/kubernetes/aai/resources/config/haproxy/resolvers.conf @@ -0,0 +1,3 @@ +resolvers kubernetes + nameserver dns1 {{.Values.config.NAME_SERVER}}:53 + hold valid 1s diff --git a/kubernetes/aai/templates/authorizationpolicy.yaml b/kubernetes/aai/templates/authorizationpolicy.yaml index fa59f52f35..f48e06eab4 100644 --- a/kubernetes/aai/templates/authorizationpolicy.yaml +++ b/kubernetes/aai/templates/authorizationpolicy.yaml @@ -27,6 +27,7 @@ kind: AuthorizationPolicy metadata: name: {{ include "common.fullname" (dict "suffix" "authz" "dot" . )}} namespace: {{ include "common.namespace" . }} + labels: {{- include "common.labels" . | nindent 4 }} spec: selector: matchLabels: diff --git a/kubernetes/aai/templates/configmap.yaml b/kubernetes/aai/templates/configmap.yaml index dac36d729d..c66af502ac 100644 --- a/kubernetes/aai/templates/configmap.yaml +++ b/kubernetes/aai/templates/configmap.yaml @@ -22,12 +22,9 @@ kind: ConfigMap metadata: name: aai-deployment-configmap namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} + labels: {{- include "common.labels" . | nindent 4 }} data: +{{ tpl (.Files.Glob "resources/config/haproxy/resolvers.conf").AsConfig . | indent 2 }} {{ if .Values.global.installSidecarSecurity }} {{ tpl (.Files.Glob "resources/config/haproxy/haproxy-pluggable-security.cfg").AsConfig . | indent 2 }} {{ else }} @@ -40,6 +37,7 @@ kind: Secret metadata: name: aai-fproxy-auth-certs namespace: {{ include "common.namespace" . }} + labels: {{- include "common.labels" . | nindent 4 }} type: Opaque data: {{ tpl (.Files.Glob "resources/config/fproxy/auth/*").AsSecrets . | indent 2 }} @@ -49,6 +47,7 @@ kind: Secret metadata: name: aai-rproxy-auth-certs namespace: {{ include "common.namespace" . }} + labels: {{- include "common.labels" . | nindent 4 }} type: Opaque data: {{ tpl (.Files.Glob "resources/config/rproxy/auth/*").AsSecrets . | indent 2 }} @@ -58,6 +57,7 @@ kind: Secret metadata: name: aai-rproxy-security-config namespace: {{ include "common.namespace" . }} + labels: {{- include "common.labels" . | nindent 4 }} type: Opaque data: {{ tpl (.Files.Glob "resources/config/rproxy/security/*").AsSecrets . | indent 2 }} diff --git a/kubernetes/aai/templates/deployment.yaml b/kubernetes/aai/templates/deployment.yaml index d64410ceea..a743592036 100644 --- a/kubernetes/aai/templates/deployment.yaml +++ b/kubernetes/aai/templates/deployment.yaml @@ -18,25 +18,13 @@ apiVersion: apps/v1 kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - app.kubernetes.io/name: {{ include "common.name" . }} - {{- if .Chart.AppVersion }} - version: "{{ .Chart.AppVersion | replace "+" "_" }}" - {{- else }} - version: "{{ .Chart.Version | replace "+" "_" }}" - {{- end }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: selector: matchLabels: app: {{ include "common.name" . }} replicas: {{ .Values.replicaCount }} + revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} strategy: type: {{ .Values.updateStrategy.type }} {{- if (eq "RollingUpdate" .Values.updateStrategy.type) }} @@ -45,59 +33,48 @@ spec: maxSurge: {{ .Values.updateStrategy.maxSurge }} {{- end }} template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - app.kubernetes.io/name: {{ include "common.name" . }} - {{- if .Chart.AppVersion }} - version: "{{ .Chart.AppVersion | replace "+" "_" }}" - {{- else }} - version: "{{ .Chart.Version | replace "+" "_" }}" - {{- end }} - name: {{ include "common.release" . }} - annotations: - checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: terminationGracePeriodSeconds: {{ .Values.service.terminationGracePeriodSeconds }} + {{ include "common.podSecurityContext" . | indent 6 | trim }} initContainers: - - command: - - /app/ready.py - args: - - --service-name - - aai-resources - - --service-name - - aai-traversal - - --service-name - - aai-graphadmin - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} + {{ include "common.readinessCheck.waitFor" . | indent 6 | trim}} + - command: ["/bin/sh","-c"] + args: ['cp -R /usr/local/etc/haproxy /usr/local/etc/haproxy_rw/'] + image: '{{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}' imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness + name: copy-haproxy-config resources: - requests: - memory: {{ .Values.haproxy.initContainers.resources.memory }} - cpu: {{ .Values.haproxy.initContainers.resources.cpu }} limits: - memory: {{ .Values.haproxy.initContainers.resources.memory }} - cpu: {{ .Values.haproxy.initContainers.resources.cpu }} + cpu: 100m + memory: 200Mi + requests: + cpu: 2m + memory: 100Mi + {{ include "common.containerSecurityContext" . | indent 8 | trim }} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /usr/local/etc/haproxy_rw + name: haproxy-etc containers: - name: {{ include "common.name" . }} - image: "{{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}" + image: '{{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}' imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: + - mountPath: /usr/local/etc/haproxy + name: haproxy-etc + - mountPath: /usr/local/etc/haproxy/resolvers.conf + name: haproxy-config + subPath: resolvers.conf + readOnly: true - mountPath: /usr/local/etc/haproxy/haproxy.cfg {{ if .Values.global.installSidecarSecurity }} subPath: haproxy-pluggable-security.cfg {{ else }} subPath: haproxy.cfg {{ end }} - name: haproxy-cfg + name: haproxy-config ports: - containerPort: {{ .Values.service.internalPort }} name: {{ .Values.service.portName }} @@ -112,7 +89,11 @@ spec: initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} {{ end -}} + {{ include "common.containerSecurityContext" . | indent 8 | trim }} + resources: {{ include "common.resources" . | nindent 10 }} readinessProbe: + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} httpGet: path: /aai/util/echo port: {{ .Values.service.internalPort }} @@ -128,9 +109,6 @@ spec: value: OOM_ReadinessCheck_TID - name: Accept value: application/json - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - resources: {{ include "common.resources" . | nindent 10 }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | indent 8 }} @@ -141,7 +119,10 @@ spec: {{- end }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - - name: haproxy-cfg - configMap: - name: aai-deployment-configmap + - name: haproxy-config + configMap: + name: aai-deployment-configmap + - name: haproxy-etc + emptyDir: + sizeLimit: {{ .Values.volumes.haProxySizeLimit }} {{- include "common.imagePullSecrets" . | nindent 6 }} diff --git a/kubernetes/aai/templates/secret.yaml b/kubernetes/aai/templates/secret.yaml index d868b9582e..1a592a0801 100644 --- a/kubernetes/aai/templates/secret.yaml +++ b/kubernetes/aai/templates/secret.yaml @@ -19,11 +19,7 @@ kind: Secret metadata: name: aai-common-aai-auth namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} + labels: {{- include "common.labels" . | nindent 4 }} type: Opaque data: {{ tpl (.Files.Glob "resources/config/auth/*").AsSecrets . | indent 2 }} @@ -33,6 +29,7 @@ kind: Secret metadata: name: aai-common-truststore namespace: {{ include "common.namespace" . }} + labels: {{- include "common.labels" . | nindent 4 }} type: Opaque data: {{ tpl (.Files.Glob "resources/config/aai/*").AsSecrets . | indent 2 }} diff --git a/kubernetes/aai/templates/service.yaml b/kubernetes/aai/templates/service.yaml index ecbab26439..1509311a2b 100644 --- a/kubernetes/aai/templates/service.yaml +++ b/kubernetes/aai/templates/service.yaml @@ -19,12 +19,7 @@ kind: Service metadata: name: {{ include "common.servicename" . }} namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - app.kubernetes.io/name: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} + labels: {{- include "common.labels" . | nindent 4 }} spec: ports: - name: {{ .Values.service.portName }} @@ -36,8 +31,7 @@ spec: {{ end }} {{- end }} type: {{ if (include "common.ingressEnabled" .) }}ClusterIP{{ else }}{{ .Values.service.type }}{{ end }} - selector: - app: {{ include "common.name" . }} + selector: {{- include "common.matchLabels" . | nindent 4 }} sessionAffinity: {{ .Values.service.sessionAffinity }} --- apiVersion: v1 @@ -45,38 +39,26 @@ kind: Service metadata: name: {{ include "common.servicename" . }}-internal namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - app.kubernetes.io/name: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} + labels: {{- include "common.labels" . | nindent 4 }} spec: ports: - name: {{ .Values.service.portName }} port: {{ .Values.service.externalPort }} targetPort: {{ .Values.service.internalPort }} type: ClusterIP - selector: - app: {{ include "common.name" . }} + selector: {{- include "common.matchLabels" . | nindent 4 }} --- apiVersion: v1 kind: Service metadata: name: {{ include "common.servicename" . }}-metrics namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }}-metrics - app.kubernetes.io/name: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} + labels: {{- include "common.labels" . | nindent 4 }} spec: ports: - port: {{ .Values.metricsService.externalPort }} targetPort: {{ .Values.metricsService.internalPort }} name: {{ .Values.metricsService.portName }} type: {{ .Values.metricsService.type }} - selector: - app: {{ include "common.name" . }} - clusterIP: None
\ No newline at end of file + selector: {{- include "common.matchLabels" . | nindent 4 }} + clusterIP: None diff --git a/kubernetes/aai/templates/servicemonitor.yaml b/kubernetes/aai/templates/servicemonitor.yaml index c0d9f212b4..dc706029bf 100644 --- a/kubernetes/aai/templates/servicemonitor.yaml +++ b/kubernetes/aai/templates/servicemonitor.yaml @@ -1,3 +1,3 @@ {{- if .Values.metrics.serviceMonitor.enabled }} {{ include "common.serviceMonitor" . }} -{{- end }}
\ No newline at end of file +{{- end }} diff --git a/kubernetes/aai/values.yaml b/kubernetes/aai/values.yaml index 8607e58f60..a000d2f934 100644 --- a/kubernetes/aai/values.yaml +++ b/kubernetes/aai/values.yaml @@ -72,7 +72,6 @@ global: # global defaults # See storage.cql.partitioner-name in https://docs.janusgraph.org/v0.6/configs/configuration-reference/#storagecql partitionerName: org.apache.cassandra.dht.Murmur3Partitioner - aai: serviceName: aai babel: @@ -310,11 +309,10 @@ aai-traversal: # application image dockerhubRepository: registry.hub.docker.com -image: onap/aai-haproxy:1.11.0 +image: onap/aai-haproxy:1.15.2 pullPolicy: Always flavor: small -flavorOverride: small # flag to enable debugging - application support required debugEnabled: false @@ -323,13 +321,19 @@ debugEnabled: false config: logstashServiceName: log-ls logstashPort: 5044 + # IP address of name server is needed in nginx configuration. The secure endpoint for logging with Keycloak need the ip address in the config file. + # You can find this ip address in the /etc/resolv.conf This file is generated by k8s. The name server ip address is in all k8s cluster the same. + NAME_SERVER: coredns.kube-system # default number of instances replicaCount: 1 +# number of ReplicaSets that should be retained for the Deployment +revisionHistoryLimit: 2 + updateStrategy: type: RollingUpdate - maxUnavailable: 0 + maxUnavailable: 33% maxSurge: 1 nodeSelector: {} @@ -346,8 +350,11 @@ haproxy: enabled: false customConfigs: [] replicas: - aaiResources: 1 - aaiTraversal: 1 + aaiResources: 3 + aaiTraversal: 3 + # stickiness based on path. + # For multiple replicas, requests will not be distributed evenly + stickOnPath: true # probe configuration parameters liveness: @@ -396,7 +403,7 @@ metricsService: metrics: serviceMonitor: - enabled: false + enabled: true targetPort: 8448 path: /metrics basicAuth: @@ -404,9 +411,9 @@ metrics: selector: app: '{{ include "common.name" . }}-metrics' - chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}' - release: '{{ include "common.release" . }}' - heritage: '{{ .Release.Service }}' + helm.sh/chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}' + app.kubernetes.io/instance: '{{ include "common.release" . }}' + app.kubernetes.io/managed-by: '{{ .Release.Service }}' relabelings: [] @@ -455,15 +462,15 @@ resources: cpu: "2" memory: "4Gi" requests: - cpu: "1" - memory: "1.2Gi" + cpu: "500m" + memory: "1200Mi" large: limits: cpu: "4" memory: "8Gi" requests: - cpu: "2" - memory: "2.4Gi" + cpu: "1" + memory: "2400Mi" unlimited: {} #Pods Service Account @@ -471,3 +478,20 @@ serviceAccount: nameOverride: aai roles: - read + +securityContext: + user_id: 99 + group_id: 99 + +readinessCheck: + wait_for: + services: + - aai-resources + - aai-traversal + - aai-graphadmin + +volumes: + haProxySizeLimit: 20Mi + +podAnnotations: + checksum/config: '{{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}' |